Nortel  branches  out 

Nortel  is  set  to  launch  its  first  branch-office  WAN 
acceleration  product.  PAGE  14. 


Answering  the  VoIP  mgmt  call 

As  VoIP  adoption  grows,  so  does  the  need  for  manage¬ 
ment  tools  that  go  beyond  availability  monitoring  to  high- 
level  voice  application  and  performance  tuning.  PAGE  32. 


ID  management  momentum 

Users  at  last  weeks  Catalyst  Conference  said  they  are 
making  strides  with  identity  management. 

PAGE  10. 
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An  Rx  for  security 

Hospitals  get 
creative  by  using 
facial-image  pass¬ 
words,  RFID,  net¬ 
work-access  con¬ 
trol  systems. 


BY  ELLEN  MESSMER 

Passwords  for  net¬ 
work  security  are 
out  and  faces  are 
in  at  ParadigmHealth. 

The  Upper  Saddle  River,  N.J.,  provider  of  care  to  seriously  ill 
patients  is  adopting  a  Web-based  authentication  method  that 
requires  doctors,  nurses  and  other  users  to  remember  images  of 
nine  faces  to  gain  access  to  patient  records  through  Paradigm- 
Healths  Web  portal. 

“There’s  a  huge  advantage  in  this  high-security  face  recogni¬ 
tion”  over  easily  shared  and  compromised  passwords,  says 
Tom  Hagen,  CEO  of  the  healthcare  company,  which  is  using 

See  Healthcare,  page  57 
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Exchange  upgrade: 
challenges  ahead 


BY  JOHN  FONTANA 

Corporate  users  who  migrate  to  Exchange  2007  will 
face  mandatory  infrastructure  changes  that,  while 
advancing  security  and  management,  could  add 
complexity  and  costs  to  their  networks. 

Beyond  the  64-bit-only  platform,  major  changes 
include  a  new  role-based  architecture  that  could 
require  users  to  roll  out  as  many  as  five  types  of 
Exchange  servers  to  support  functions  such  as 
remote  client  access,  transport  and  routing,  mailbox¬ 
es,  and  unified  messaging.  The  current  versions  of 
Exchange  give  users  two  deployment  options:  front- 
end  servers  and  back-end  servers. 

Users  also  will  face  new  clustering  limitations  and 
will  have  to  eliminate  all  Exchange  5.5  servers  from 
their  environments.  In  addition,  they  will  not  be  able 
to  do  in-place  upgrades  between  Exchange 
2000/2003  and  Exchange  2007.  And  Exchange  no 
longer  will  have  its  own  site  topology  but  will  run  on 


top  of  Active  Directory  topology 
In  addition,  Microsoft  has  yet  to  release  detailed 
migration  and  best  practices  guidelines  to  users.The 
first  public  beta  of  Exchange 
2007  is  due  by  the  end  of  July 
.  “More  complex,  yes,”  says  Peter 

Exstrop, a  network  consultant  for 
WM-Data.  “Before,  all  the  roles 
were  on  the  same  server,  but 
now  you  will  have  more  servers.” 
Exstrop  acknowledges  nearly  all 
the  Exchange  2007  roles  can  be 
deployed  on  one  server,  but  that 
will  not  be  a  viable  option  for 
larger  deployments. 


Microsoft's 
Bill  Gates 
passing  the 
torch  to  Ray 
Ozzie.  Page  8. 


“But  I  look  forward  to  splitting  the  server  roles,”  he 
says.“Security  is  better, you  don’t  have  to  have  a  com¬ 
plete  Exchange  server  in  your  [demilitarized  zone] 

See  Exchange,  page  14 


Wireless  network  companies  to  watch 


BY  JOHN  COX 

There  are  many  emerging  wire¬ 
less  technologies  and  companies, 
but  few  of  them  will  actually 
affect  corporate  networks.  (No, 
being  able  to  watch  last  night’s 
episode  of  “Desperate  House¬ 
wives”  on  your  smart-phone  is  not 
an  enterprise  application.) 


Here’s  a  look  at  five  companies 
whose  products  could  make  a  dif¬ 
ference  for  corporate  networks 
and  mobility: 

Azima 

Azima  offers  a  hosted  predictive 
maintenance  service  to  Fortune 
100  and  300  clients  such  as  utili¬ 


ties,  steel  companies,  paper  mills 
and  pharmaceutical  companies. 
It’s  made  possible  and  affordable 
by  802.1  lb  wireless  LAN  (WLAN) 
connections. 

Azima  installs  a  box,  called  the 
Azima  Hub,  near  a  machine  such 
as  a  generator. The  Hub  connects 
via  wires  to  existing  or  new  sen¬ 
sors  on  the  machine  that  are  fit¬ 
ted  to  measure  vibration,  temper¬ 
ature  and  other  variables. 
Sensors  send  analog  data  to  the 
Hub  for  collection,  digitization 
and  preprocessing. 

Using  an  embedded  802.11b 
radio,  the  Hub  connects  to  a 
wireless  access  point,  typically 
already  in  place  as  part  of  the 
See  Wireless,  page  16 
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Multicore  chips  offer 
increased  performance. 
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Curt  Schumacher,  CTO, 

Chicago  Board  Options  Exchange, 
is  testing  dual-core  Opteron  servers 
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A  Global  Hotel  Company  Analyzing  1.4  Million  Records  a  Day. 

Running  On  Microsoft  SQL  Server  2005. 


i 

ru 

•• 

i 

nTH 

i  ! 

• 

How  does  Hilton  forecast  demand  for  its  370,000  rooms  and  its  catering  services?  They 
import  data  from  six  systems  into  one  data  warehouse  requiring  7  million  rows,  and 
running  on  SQL  Server™ 2005  with  99.98%  uptime.*  See  how  at  microsoft.com/bigdata 
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Remember  when  technology 
had  the  ability  to  amaze  you? 


Believe  again. 

Now  you  can  believe  in  a  new  kind  of  IT  management.  Unified  and  simplified  to  make  your 
business  more  productive,  nimble,  competitive  and  secure. 

We  all  know  that  companies  are  demanding  more  from  IT  —  expecting  IT  to  be  a  strategic 
and  competitive  advantage.  Yet  today's  complex  IT  environments  require  you  to  manage 
across  point  solutions,  siloed  organizations  and  redundant  technology. 

A  better  alternative?  Choose  an  integrated  approach  to  IT  management.  An  approach  in 
which  software  unifies  your  people,  processes  and  technology  to  increase  efficiency  and 
optimization.  Only  one  global  software  company  can  do  that.  CA,  formerly  known  as 
Computer  Associates,  has  focused  solely  on  IT  management  software  for  over  30  years. 

Our  technology  vision  that  makes  this  promise  real  is  called  Enterprise  IT  Management, 
or  EITM.  At  its  heart  is  the  CA  Integration  Platform  —  a  common  foundation  of  shared 
services  that  gives  you  real-time,  dynamic  control  and  flexibility.  Its  greatest  benefit? 

CA  software  solutions  come  to  you  already  integrated,  and  able  to  integrate  with  your 
existing  technology  to  optimize  your  entire  IT  environment. 

Ultimately,  a  well-managed  IT  environment  gives  you  the  visibility  and  control  you  need 
to  manage  risk,  manage  costs,  improve  service  and  align  IT  investments.  To  learn  more 
about  how  CA  and  our  wide  array  of  partners  can  help  you  unify  and  simplify  your  IT 
management,  visit  ca.com/unify. 
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Network  neutrality  debate 

Still  undecided  about  network  neu¬ 
trality?  Our  debate/forum  on  the 
topic  lets  you  see  both  sides. 

DocFinder:  3945 

ITVideo:  Good  and  bad  of  the  'Net 

Columnist  Scott  Bradner  talks  about 
the  biggest  opportunities  on  the  Web 
(hint:  you're  it)  and  the  biggest 
threats  (hint:  carriers  and  sloppy 
data  owners).  DocFinder:  3946 

Linksys  Wi-Fi  Finder 

Cool  Tools  Editor  Keith  Shaw  takes 

Online  help  and  advice 


a  look  at  the  Linksys  Wi-Fi  finder 
and  USB  adapter,  a  handy  tool  that 
lets  you  find  out  whether  a  Wi-Fi 
connection  exists,  and  then  plugs 
into  your  computer  and  automati¬ 
cally  connects  to  the  network, 
DocFinder:  3947 

SOA  2.0? 

On  IT  Borderlands,  Ken  Fasimpaur 
discusses  a  petition  drive  to  keep 
people  from  using  "SOA  2.0"  ever 
again. 

DocFinder:  3948 


Preparing  for  the  GCNA 

Help  desk  guru  Ron  Nutter  helps  a 
user  decide  whether  a  router  simu¬ 
lator  or  a  test  network  is  the  best 
way  to  help  train  for  the  CCNA 
exam.  DocFinder:  3949 

Wireless  attacks:  Damages  and 
costs 

Columnist  Chris  Waters  looks  at  the 
issues  you  need  to  consider  when  it 
comes  to  wireless  security. 

DocFinder:  3950 

DHCP  is  a  core  technology  for 
network  access  control 

Security  newsletter  writer  M.E. 

Seminars  and  events 


Kabay  tells  you  what  you  need  to 
know  about  DHCP  and  NAC. 

DocFinder:  3952 

Why  videoconferencing  matters 

Analyst  Robin  Gareiss  explains  why 
you  should  consider  extending  it  to 
the  branch  offices. 

DocFinder:  3951 

The  problems  presented  by 
image-based  spam 

Michael  Osterman,  of  Osterman 
Research,  proves  a  picture  is 
worth  a  thousand  nonsense  words. 

DocFinder:  3953 


It  all  happens  next  week— IT  Roadmap:  Chicago 

Successful  IT  executives  need  to  know  about  not  only  compelling  new  technolo¬ 
gies  and  industry  best  practices,  but  also  how  all  these  pieces  fit  together  to 
create  an  architecture  that  helps  drive  business.  And  only  one  event  — 
Network  World's  IT  Roadmap  —  lets  you  do  it  all  in  six  key  areas.  Qualify  to 
attend  free  when  IT  Roadmap  comes  to  Chicago  on  June  27. 

DocFinder:  3954 
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Go  online  for  breaking  news  every  day.  DocFinder  1001 


Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 

DocFinder:  1002 
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the  search  box  on  the  home  page,  and  you’ll  jump  directly 
to  the  requested  information. 
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Microsoft  warns  of  new  hole  in  Excel 

S  A  new  vulnerability  has  been  found  in  Microsoft’s  Excel  spreadsheet  pro¬ 
gram,  just  a  few  days  after  the  company  fixed  problems  with  several  of  its 
applications  in  its  monthly  patch  distribution.  One  customer  reported  an 
attack  using  the  vulnerability  which  comes  from  an  e-mail  with  a  malicious 
Excel  document  attached,  wrote  Mike  Reavey  Microsoft  security  program 
manager,  on  the  company’s  security  blog. The  post,  which  did  not  give  fur¬ 
ther  details  on  what  the  malware  does  when  downloaded,  can  be  found  at 
www.nwdocfinder.com/3956. 


TheGooc  ITheBadTheUgly 

<  Cubbies  go  cellular.  While  the  Chicago 
White  Sox  play  baseball  at  U.S.  Cellular  Field,  it's  the 
crosstown  Cubs  that  will  become  the  Mqjor  League's  first 
team  to  switch  from  a  corded  to  a  wireless  phone  for  calls 
made  from  coaches  to  the  bullpen.  The  two  wireless  hand¬ 
sets  are  designed  to  work  on  a  secure,  private  channel. 
The  Cubs'  first  dugout-to-bullpen  phones  were  installed  in 
the  1950s. 

Patching  Windows.  The  bad  news  is  that 
Microsoft  last  week  issued  12  bulletins  addressing  21  vul¬ 
nerabilities  in  products  ranging  from  Internet  Explorer  to 
PowerPoint.  The  good  news  is  that  the  company  issued 
fixes  for  them. 


Netscape  redux 

■  Netscape,  the  name  that  once  defined  the  high-flying 
early  days  of  the  Internet  before  crashing  and  burning 
during  its  browser  battle  with  Microsoft,  is  being  revived 
as  a  social  news  site, according  to  Netscape-owner  AOL. 
The  company  says  the  site  will  mimic  popular  sites 
Slashdot  and  Digg.com  by  aggregating  news  and  hav¬ 
ing  top  stories  determined  by  votes  from  readers.  The 
difference  is  the  Netscape  site  will  have  editors,  whom 
it  calls  anchors,  who  may  add  their  own  angles  to  sto¬ 
ries  based  on  their  reporting.  The  new  Netscape.com 
Web  site  is  slated  to  debut  July  1.  Users  will  have  to  reg¬ 
ister  to  submit  and  post  stories.  The  site  will  accept 
users  with  existing  Netscape,  AOL  and  AOL  AIM  logons 
and  passwords. 

Cisco  and  Black  Hat  cuddle 

■  The  bad  blood  between  Cisco  and  organizers  of  the 
Black  Hat  conference  appears  to  be  a  thing  of  the  past. 
One  year  after  suing  the  hacker  conference  for  letting 
security  researcher  Michael  Lynn  disclose  a  security 
vulnerability,  Cisco  is  returning  to  Black  Hat  —  this  time 
as  one  of  the  show’s  top  sponsors.  Black  Hat  USA  runs 
July  29  to  Aug.  3  in  Las  Vegas.  Cisco  sponsored  Black  Hat 
in  the  past,  but  this  is  the  first  time  it  is  shelling  out  for 
the  shows  most  expensive,  platinum  sponsor  status.This 
means  Ciscos  name  will  be  prominently  displayed  on 
conference  materials  and  the  company  will  be  given 
sponsorship  credit  for  some  of  the  show  events.  Cisco’s 
legal  team  may  not  be  in  attendance,  but  members  of 
the  company’s  Product  Security  Incident  Response 
Team  information  group  will  be  there  in  force,  the  com¬ 
pany  says.  At  last  year’s  show,  Lynn  demonstrated  a 
method  for  running  unauthorized  code  on  a  Cisco 
router.  Cisco  considered  it  a  dangerous  disclosure  of 
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Pathetic.” 


House  Rep.  Bob  Filner  (D.-Calif.)  at  a  hearing,  lamenting  the  gov¬ 
ernment's  Veterans  Affairs  Department  taking  close  to  six  weeks 
to  notify  some  veterans  their  personal  information  may  have 
been  compromised  in  last  month 's  massive  data  theft. 


information  that  could  be  used  to  harm  the  Internet’s 
infrastructure.  Cisco,  and  Lynn’s  former  employer 
Internet  Security  Systems,  sued  Lynn  and  Black  Hat  to 
prevent  them  from  further  discussing  the  matter.  The 
lawsuit,  however,  helped  bring  more  attention  to  the 
flaw  and  simply  punished  Lynn  for  doing  security 
research  that  Cisco  should  have  done  itself,  according 
to  Cisco’s  critics. 

Coin’  mobile  with  Linux 

■  A  group  of  top  mobile  phone  makers  and  operators 
are  launching  a  foundation  to  create  an  open,  Linux- 
based  software  platform  for  mobile  devices. The  com¬ 
panies,  including  Motorola,  NEC,  NTT  DoCoMo, 
Panasonic  Mobile  Communications,  Samsung  and 
Vodafone,  said  last  week  they  plan  to  focus  on  the 
development  and  marketing  of  an  API  specification, 
architecture  and  source  reference.  The  group  hopes 
to  foster  collaborative  creation  of  a  mobile  Linux 
environment  and  work  to  minimize  fragmentation  in 
the  market.  Initially,  the  founders  plan  to  be  responsi¬ 
ble  for  the  reference  implementation  of  the  mobile 
operating  platform  but  will  later  invite  other  compa¬ 
nies  to  join,  including  phone  makers,  operators,  chip 
manufacturers  and  software  vendors. This  will  be  the 
third  mobile  Linux  group  to  launch  within  a  year,  join¬ 
ing  the  Linux  Phone  Standards  Forum  and  the  Mobile 
Linux  Initiative. 

VA  gets  congressional  shelling 

■  U.S.  lawmakers  last  week  questioned  why  the  U.S. 
Department  of  Veterans  Affairs  continues  to  suffer 
from  cybersecurity  problems  despite  multiple  warn¬ 
ings  from  government  auditors.  Members  of  the 
House  Veterans  Affairs  Committee  asked  government 


VoIP  could  force  tough  choice.  An  fcc  rule 

requiring  VoIP  providers  to  allow  wiretapping  by  May  2007  would 
require  a  massive  reengineering  of  the  Internet  or  introduce  broad 
security  risks,  say  authors  of  a  new  study  released  by  the  Information 
Technology  Association  of  America,  an  IT  vendor  trade  group.  "You  find 
yourself  in  a  technologically  very,  very  complicated  problem,"  says  Sun 
GSO  Whitfield  Diffie. 


auditors  why  the  VA  has  not  acted  on  repeated  cyber¬ 
security  recommendations.  The  hearing  follows  the 
VA’s  announcement  last  month  that  personal  data  of 
26.5  million  U.S.  military  veterans  and  spouses  was 
stolen  from  the  home  of  a  VA  data  analyst,  who  had 
the  information  stored  on  a  personal  laptop  com¬ 
puter  and  an  external  hard  drive.  He  was  not  autho¬ 
rized  to  take  that  information  home.  The  VA  said  the 
computer  equipment  and  not  the  data  was  the  target. 
Some  veterans  received  notices  of  the  data  theft  by 
mail  this  week,  close  to  six  weeks  after  the  May  3 
break-in.  The  Government  Accountability  Office  has 
issued  multiple  reports  about  VA  cybersecurity  prob¬ 
lems  since  2000,  and  the  VA  has  received  a  failing 
grade  in  four  of  the  past  five  years  on  an  annual 
cybersecurity  review  by  the  House  Government 
Reform  Committee. 

Malware  taking  a  breather? 

■  The  proportion  of  e-mail  messages  that  contain 
malware  has  fallen  for  the  first  six  months  this  year 
compared  with  the  same  period  last  year,  security 
vendor  Sophos  said  last  week.  Statistics  released  by 
Sophos  show  that  about  one  in  91  e-mail  messages 
contained  a  virus  or  other  type  of  bad  software,  far 
less  than  the  one-in-35  figure  of  a  year  ago.  Sophos 
provides  enterprise-level  virus,  spam,  adware  and 
malware  protection  products.  While  the  news  is  wel¬ 
come,  the  bad  guys  haven’t  given  up;  many  are  just 
changing  tactics,  the  company  said.  Malware  writers 
are  increasing  their  focus  on  Trojan  horse  programs, 
a  class  of  malicious  software  that  can  include  pro¬ 
grams  called  keyloggers.  Keyloggers  send  user  logons 
and  passwords  to  a  server  controlled  by  a  hacker. The 
programs  also  can  harvest  credit  card  numbers  and 
other  personal  data  that  could  be  used  in  an  identity 
theft  scheme. 
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ierosoft  to  lose  Gates’  star  power 


“I  believe  with  great  wealth  comes 
great  responsibility  ...  to  see  those 
resources  put  to  work  to  help  those 
most  in  need.” 

Bill  Gates,  chairman  and  chief  software  architect,  Microsoft 


BY  JOHN  FONTANA 

Bill  Gates’  scheduled  departure 
from  Microsoft  in  July  2008  may 
not  have  a  dramatic  technical 
effect  on  software  development, 
but  the  company  will  miss  the 
benefits  of  his  star  power  in  the  in¬ 
dustry  according  to  observers. 

In  addition,  Gates’  announce¬ 
ment  last  week  that  he  was  going 
to  transition  out  of  Microsoft 
throws  the  spotlight  on  CEO  Steve 
Ballmer’s  tenure  with  the  compa¬ 
ny  The  two  have  spent  about  the 
same  number  of  years  at  Micro¬ 
soft  and  are  close  in  age.  They  are 
the  No.  1  and  No. 2  stockholders  in 
the  company 

“This  is  really  going  to  be  the 
end  of  an  era  in  many  ways,”  says 
Dwight  Davis,  an  analyst  for 


Summit  Strategies.  “I  don’t  think 
Microsoft  will  suffer  dramatically 
from  Gates’  departure  in  a  techni¬ 
cal  sense,  but  from  a  profile  sense, 
from  an  industry  image  sense, 
Microsoft  is  not  going  to  be  per¬ 
ceived  to  be  the  same  without 
him  at  the  helm. Only  a  handful  of 
companies  have  had  a  real  strong 
personality  who  was  very  synony¬ 
mous  with  the  company  itself, and 
Bill  Gates  was  on  top  of  the  heap 
in  that  regard.” 

Over  the  years,  Gates  has  been 
spending  more  time  on  work  with 
the  Bill  &  Melinda  Gates  Found¬ 
ation.  Last  year,  Gates,  his  wife 
Melinda  and  rock  star  Bono  were 
named  persons  of  the  year  by 
Time  magazine. 

“I  believe  with  great  wealth 


comes  great  responsibility  Gates 
said  in  a  press  conference  last 
week  where  he  announced  the 
transition.  “Responsibility  to  see 
those  resources  put  to  work  to 
help  those  most  in  need.” As  of  last 
year,  Gates  and  his  wife  had  en¬ 
dowed  the  Gates  Foundation  with 
more  than  $28.8  billion  to  support 
philanthropic  initiatives  in  the 
areas  of  global  health  and  learn¬ 
ing. 


The  debate  over  how  long  Gates 
might  remain  at  Microsoft  has 
been  going  on  for  years. 

“It  doesn’t  come  as  a  big  shock 
to  me,”  says  Jackson  Shaw,  a  for¬ 
mer  Microsoft  manager  and  now 
senior  director  of  product  man¬ 
agement  for  Active  Directory  and 
integration  solutions  at  Quest  Soft- 
ware.“We  all  have  been  waiting  for 
when  Bill  is  going  to  spend  more 
time  working  on  his  charity  and 


foundation  and  stuff  that  is  really 
good  for  the  world.  But  the  con¬ 
cern  in  my  mind  as  he  moves 
away  is  who  fills  the  void, because 
Bill  is  a  special  guy’ 

The  watch  to  see  if  anyone  can 
succeed  in  filling  the  void  won’t 
officially  start  until  2008. 

But  Ray  Ozzie,  Microsoft  CTO, 
will  immediately  assume  the  title 
of  chief  software  architect  and 
will  work  side  by  side  with  Gates 
over  the  next  two  years. 

“I’ve  worked  with  Ray  for  over  20 
years  and  his  vision  has  led  to 
some  of  the  most  important  devel¬ 
opments  in  our  industry’  Gates 
said. 

Ozzie  came  to  Microsoft  last 
year  when  the  company  acquired 

See  Gates,  page  16 


HP  rolls  out  new  management  software 

Company  adds  business-impact  analysis  and  application-discovery  software,  introduces  blade  platform. 


BY  DENISE  DUBIE 
AND  JENNIFER  MEARS 

HP  this  week  is  set  to  announce  software 
that  supports  what-if  modeling  scenarios 
that  the  company  says  will  enable  buyers  to 
determine  how  changes  made  to  staff  and 
infrastructure  resources  will  affect  business 
service  levels. 

HP  OpenView  DecisionCenter  is  one  of 
many  tools  HP  will  unveil  at  this  week’s  HP 
Software  Forum  in  Miami,  which  is  expect¬ 
ed  to  draw  close  to  3,000  attendees. 

DecisionCenter  installs  on  a  Windows  XP 
or  2003  server  and  collects  data  from  other 
OpenView  management  applications,  such 
as  ServiceCenter,  and  third-party  sources 
such  as  business  intelligence  or  analytics 
engines  from  Business  Objects. 

Using  that  data,  it  can  calculate  the  poten¬ 
tial  change  a  difference  in  staff  or  capacity 
will  have  on  application  and  business  ser¬ 
vice  levels.  For  example,  the  software  can 
help  network  managers  determine  how 
adding  routers  would  affect  traffic  or  how 
reducing  data  center  servers  can  lessen 
costs,  the  company  says. 

“The  software  can  help  show  the  costs 
associated  with  hardware  and  staff  re¬ 
sources,  and  show  how  you  could  make 
better  use  of  them  at  different  sites,  like 
redundant  data  centers  for  instance,”  says  a 
network  manager  at  a  large  financial  ser¬ 
vices  firm  who  beta-tested  the  product  and 
wishes  to  remain  anonymous.  “Design- 
Center  could  tell  me  that  if  I  consolidate 
servers  I  can  save  this  much  money  on 
hardware  or  move  these  staff  resources.” 

“This  type  of  planning  tool  can  more 


quickly  relate  for  customers  how  IT  needs 
to  directly  support  service  levels  based  on 
business  priorities,”  says  Rich  Ptak,  a  princi¬ 
pal  analyst  with  Ptak  Noel  &  Associates. 
Competitors  BMC  Software,  CA  and  IBM 
have  or  are  expected  to  announce  similar 
products,  Ptak  says. 

Also  new  this  week  is  Application  Insight, 
an  OpenView  software  module  that  fea¬ 
tures  modeling  and  discovery  capabilities 
that  the  company  says  can  better  track  dis¬ 
tributed  application  performance. The  soft¬ 
ware  uses  agent-less  application  discovery 
and  relationship  mapping  technology  and 
couples  that  information  with  perfor¬ 
mance,  service  level  and  response  time 
metrics  collected  by  HP  applications. 

Jean-Philippe  Draye,a  system  architect  re¬ 
sponsible  for  application  performance  in 
the  IT  enterprise  architecture  department 
at  Avaya,  in  Belgium,  has  been  coupling 
HP’s  OpenView  Transaction  Analyzer  and 
OpenView  Internet  Services  applications 
on  his  own  and  is  looking  forward  to  the 
arrival  of  Application  Insight.  He  uses  the 
products  to  track  application  and  transac¬ 
tion  response  time  metrics  on  distributed 
servers  and  generate  synthetic  user  traffic 
to  determine  the  user  experience  with 
applications  such  as  Siebel. 

“We  have  been  waiting  for  the  discovery 
features,”  Draye  says.“Usually  we  know  what 
we  need  to  manage,  but  this  will  help  us  to 
find  things  that  inevitably  are  there  but  that 
we  are  unaware  of,  such  as  instances  of 
Oracle.” 

HP  next  week  also  is  expected  to  add 
more  business  metrics  and  compliance  re¬ 


porting  features  to  OpenView  AssetCenter 
5.0,  the  asset  management  software  it 
picked  up  with  the  acquisition  of  Peregrine 
late  last  year.  The  company  says  the  soft¬ 
ware  can  help  customers  see,  for  instance, 
what  software  licenses  they  are  using  and  if 
that  complies  with  existing  vendor  con¬ 
tracts.  “Knowing  the  charges  associated 
with  the  IT  assets  helps  me  drive  down 
costs,”  the  financial  services  firm’s  network 
manager  says. 

Scheduled  to  be  available  in  September, 
OpenView  DecisionCenter  is  priced  start¬ 
ing  at  $42,500  and  OpenView  AssetCenter 
5.0  costs  about  $3,100  per  seat.  Due  out 
later  this  year,  OpenView  Application  In¬ 
sight  starts  at  about  $2,150. 

Separately,  HP  last  week  unveiled  the 
BladeSystem  c-Class,  a  new  blade  chassis 
and  servers  that  include  a  number  of  en¬ 
hancements,  such  as  advanced  virtualiza¬ 
tion  and  management  features  that  HP 
executives  say  should  help  customers  cut 
data  center  costs. 

The  17-inch  c7000  blade  chassis  can  hold 
as  many  as  16  servers  and  includes  as 
many  as  four  redundant  I/O  fabrics,  sup¬ 
porting  a  total  of  5  terabits  of  throughput. 
With  the  c7000,  HP  also  introduced  two 
new  blade  servers:  the  ProLiant  BL460c,  a 
two  processor,  dual-core  Xeon-based  blade 
with  support  for  as  much  as  16GB  of  mem¬ 
ory;  and  the  BL480c,  a  two-processor,  dual¬ 
core  Xeon  system  that  supports  as  much  as 
48GB  of  memory. 

“The  next  generation  of  blades  is  really 
about  how  we  take  this  concept  of  the 
blade  architecture  and  the  serviceability 


ease  of  use  and  flexibility  that  blade  servers 
offer, and  use  it  to  run  mission-critical  appli¬ 
cations  like  large  databases,  CRM  and  ERR’ 
says  John  Humphreys,  a  research  manager 
at  1DC. 

HP  competes  with  IBM,  which  introduced 
its  new  BladeCenter  H  with  expanded  net¬ 
work  capabilities  earlier  this  year  and  leads 
the  market  with  a  40%  share,  according  to 
1DC.  HP  is  not  far  behind  with  36%  of  the 
market. 

“HP  and  IBM  are  very  much  signed  on  to 
this  integrated  data  center  in  a  box 
approach.”  says  Gordon  Haff,  an  analyst 
with  Illuminata. 

For  HP  that  means  tying  its  management 
tools  to  the  blade  package.  The  c-Class  fea¬ 
tures  Insight  Manager  systems  manage¬ 
ment  tools  that  enable  customers  to  use  a 
single  console  to  manage  physical  and  vir¬ 
tual  servers,  as  well  as  networking,  power 
and  cooling.  HP  says  a  single  administrator 
should  be  able  to  manage  200  devices. 

The  c7000  includes  HP  Onboard  Admini¬ 
strator,  a  2-inch  LCD  panel  on  the  front  of 
the  chassis  that  aids  in  systems  monitor¬ 
ing,  troubleshooting  and  repair. 

The  BladeSystem  c-Class  and  its  pricing 
are  set  to  be  available  in  July.B 


Correction 


■  The  story  "The  importance  of  info  stew¬ 
ardship"  (June  12,  page  39)  should  have 
noted  that  Don  Kingsberry  was  no  longer 
employed  at  HP  as  of  press  time. 
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aking  headway  on  ID  management 


Burton  Group  conference  attendees  share  steps  taken  on  identity  management 


BY  NEAL  WEINBERG 

SAN  FRANCISCO  —  Rolling  out 
a  complete  identity  management 
system  is  virtually  impossible 
today,  given  the  immature  state  of 
tools,  frameworks  and  standards 
available.That  doesn’t  mean  you 
can’t  tackle  discrete  pieces  of  the 
identity  management  puzzle, 
however,  with  projects  that  target 
single  sign-on,  two-factor  authenti- 


BY  TIM  GREENE 

Making  it  possible  for  law  en¬ 
forcement  to  tap  VoIP  calls  will 
open  Internet  security  holes  that 
could  endanger  corporate  voice 
and  data  traffic,  according  to  a 
report  by  a  group  of  respected 
Internet  figures. 

With  the  federal  wiretapping 
law  scheduled  to  apply  to  pro¬ 
viders  of  VoIP  next  May  14,  now  is 
the  time  for  businesses  to  evalu¬ 
ate  whether  to  take  steps  to 
counter  the  risks  it  represents,  the 
experts  say 

The  report,  “Security  Implica¬ 
tions  of  Applying  the  Communi¬ 
cations  Assistance  to  Law  En¬ 
forcement  Act  to  Voice  over  IP’ 
calls  CALEA  wiretapping  “an  ar¬ 
chitected  security  breach”  that 
could  be  exploited  by  unautho¬ 
rized  parties. 

Given  the  difficulty  of  isolating 
voice  packets  among  data  pack¬ 
ets  mixed  in  a  stream,  even  legiti¬ 
mate  use  of  wiretaps  will  in¬ 
evitably  result  in  capturing  more 
than  just  the  phone  calls  autho¬ 
rized  by  CALEA  court  orders,  says 
David  Endler,  a  director  of  the 
Voice  Over  IP  Security  Alliance,  an 
industry  association  focused  on 
developing  VoIP  security  stan¬ 
dards.  “How  would  you  limit  it  to 
voice?  This  apparatus  would  have 


cation,  automated  provisioning  or 
role-based  access  control. 

That  was  the  central  theme  of 
this  year’s  Burton  Group  Catalyst 
Conference,  where  CEO  Jamie 
Lewis  noted  that  progress  has 
been  made  since  last  year’s  event, 
primarily  in  the  area  of  applica¬ 
tion  frameworks  and  tools.  He 
added,  however,  that  these  frame¬ 
works  haven’t  reached  even  1.0 


to  capture  everything,”  he  says. 

With  businesses  embracing 
converged  networks  that  carry 
voice  and  data,  this  puts  more 
than  phone  calls  at  risk  —  instant 
messaging, e-mail  and  any  corpo¬ 
rate  transactions  made  over  the 
Internet  could  be  captured,  the 
report  says. 

The  report  was  written  for  the 
Information  Technology  Associ¬ 
ation  of  America,  a  trade  organi¬ 
zation,  and  its  authors  include 
Internet  pioneer  Vint  Cerf,  public- 
key  cryptography  developer  Whit¬ 
field  Diffie  and  IETF  security 
leader  Steven  Bellovin. 

A  wiretap  is  a  vulnerability  that 
others  besides  law  enforcement 
could  exploit,  and  the  routers  that 


status  and  probably  won’t  be 
ready  for  prime  time  for  quite  a 
while. 

Still,  Lewis  said,  “cautious  opti¬ 
mism  is  warranted.”  Major  vendors 
such  as  CA,  HP  IBM,  Juniper,  Micro¬ 
soft,  Novell  and  Oracle  have  made 
a  commitment  to  identity  man¬ 
agement.  Regulations  such  as 
Sarbanes-Oxley  are  driving  com¬ 
panies  to  beef  up  their  internal 


would  be  tapped  are  not  kept  uni¬ 
formly  secure,  the  panel  notes. 
Typically  these  devices  are  less 
secure  than  phone  switches  in  the 
traditional  public  phone  network, 
the  authors  say 

In  the  hands  of  malicious  par¬ 
ties,  a  tap  could  grab  any  type  of 
traffic  passing  through  the  router 
and  be  an  access  point  for  man- 
in-the-middle  attacks,  in  which 
data  in  a  stream  is  altered.  “By 
opening  up  the  communications 
to  an  unacknowledged  third  party 
wiretapping  is  an  architected 
security  breach;  the  combination 
of  wiretapping  with  remote  deliv¬ 
ery  elevates  the  risk  that  commu¬ 
nications  security  can  be  violated 
See  VoIP,  page  57 


controls.  And  online  customer 
authentication  has  become  a  hot 
topic  in  light  of  new  banking  reg¬ 
ulations  and  the  security  prob¬ 
lems  associated  with  identity  theft 
and  online  fraud.  Given  that  there 
is  no  all-in-one  identity  manage¬ 
ment  product  today,  companies 
are  forging  ahead  and  trying  to 
solve  specific  problems  with 
point  products. 

For  example,  TransCanada  Pipe¬ 
line  in  Calgary  has  3,000  users 
who  previously  averaged  13  pass¬ 
words  each.  Password  problems 
represented  20%  of  help  desk 
calls.  The  company  set  out  to  im¬ 
plement  single  sign-on  and  two- 
factor  authentication  to  boost 
security  make  life  easier  for  users 
and  reduce  help  desk  calls, 
according  to  technical  architect 
Martin  Vant  Erve. 

Buying  into  ID 
management 

Identity  management  soft¬ 
ware  revenues  (not  including 
consulting  revenue)  reached 
$1.5  billion  in  2005. 

SOURCE:  THE  BURTON  GROUP 

TransCanada  chose  a  single 
sign-on  product  called  V-Go  from 
Passlogix  and  went  with  RSA 
SecurelD  —  which  was  already  in 
use  by  about  20%  of  the  company 
—  for  two-factor  authentication. 

Vant  Erve  approached  the  roll¬ 
out  gingerly,  creating  multiple 
pilot  groups  and  even  making 
signup  voluntary  in  the  begin¬ 
ning.  Eventually  the  whole  com¬ 
pany  bought  into  the  program, 
which  accomplished  two  goals: 
improved  security  and  easier  user 
navigation  among  the  company’s 
3,000  applications  and  Web  sites. 
But  Vant  Erve  found  help  desk 
calls  increased.“I  forgot  my  token” 
is  now  one  of  the  top  three  rea¬ 
sons  people  call,  he  said. 

Still,  the  company  views  the 
project  as  a  success,  and  a  bonus 
is  that  TransCanada  has  one 
building  block  in  place  as  it 
moves  toward  full-blown  identity 
management. 

Compliance  was  the  driving  fac¬ 
tor  behind  Toro.'s  move  to  role- 
based  access  control,  according 


to  Michael  Drazan,  vice  president 
of  corporate  information  services 
at  the  $1.8  billion  company  in 
Bloomington,  Minn. 

He  had  a  variety  of  issues  to  ad¬ 
dress.  First,  if  he  had  graded  his  ac¬ 
cess  control  system  relative  to 
Sarbanes-Oxley  compliance,  it 
would  have  scored  between  a  C- 
minus  and  a  D.  Another  problem 
was  that  his  security  team  spent 
most  of  its  time  dealing  with  pass¬ 
word  problems.  And  Drazan  had  a 
financial  constraint:  He  did  not 
want  to  spend  additional  money 
on  security, because  his  overriding 
strategic  goal  was  to  use  IT  re¬ 
sources,  not  on  operations,  but  to 
help  drive  the  business  forward. 

So  Drazan  embarked  on  a  role 
based  access-control  project 
based  on  Sun’s  Java  System  Ac¬ 
cess  Manager  and  Prodigen’s  Con¬ 
touring  Engine,  which  sifts 
through  log  files  and  figures  out 
what  applications  people  use.  For 
example,  if  an  employee  has  ac¬ 
cess  to  12  applications  but  never 
uses  nine  of  them,  it’s  possible  — 
after  consulting  with  the  employ¬ 
ee,  the  security  team  and  the  data 
owner  —  to  create  a  new  role 
with  reduced  access. 

The  company  took  an  applica- 
tion-by-application  approach  and 
went  through  the  process  with  its 
core  SAP  and  Ariba  applications. 
Drazan  says  SAP  transactional 
access  has  gone  down  62%,  audits 
are  clean,  security  administration 
has  been  reduced  and  his  secur¬ 
ity  budget  remains  flat. The  next 
step  is  to  extend  role-based 
access  control  to  dealers,  distribu¬ 
tors  and  suppliers,  he  said. 

Other  users  at  the  conference 
emphasized  how  difficult  setting 
up  identity  management  can  be. 

William  Gebhardt,  a  director  at 
UBS,  said  that  as  he  grapples  with 
setting  up  a  secure  online  finan¬ 
cial  services  system  he  has  to 
strike  a  balance  between  security 
usability  and  cost.  For  example,  if 
he  makes  tokens  small,  he  saves 
money  —  but  his  older  cus¬ 
tomers  might  not  be  able  to  read 
the  screen.  He  said  companies 
should  start  by  setting  up  an  iden¬ 
tity  management  architecture 
and  begin  rolling  out  identity 
management  projects.  However, 
he  cautioned,  “It’s  going  to  be 
quite  frustrating.”  ■ 


|  Columnist  Scott  Bradner's 
take  on  what  VoIP  wiretapping 
could  mean  to  enterprises. 
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'Net  pioneers  sound  security 
alarm  over  VoIP  wiretaps 


How  soon  will  legal  taps  hit  VoIP 

The  FCC  has  set  May  14, 2007,  as  the  date  VoIP  service 

providers  must  comply  with  the  federal  wiretapping  law  called 

Communications  Assistance  to  Law  Enforcement  Act 

(CALEA),  but  the  technical  hurdles  are  high.  Some  of  these: 

•  There  is  no  accepted  architecture  for  VoIP  taps. 

•  Varying  models  of  how  VoIP  services  are  supported  make  a  single  architecture 
unlikely  and  therefore  making  implementation  more  difficult. 

•  Physically  securing  the  switching  and  routing  equipment  so  it  is  only  tapped  by 
legitimate  parties. 

•  Users  can  easily  create  new  Internet  identities  making  it  difficult  to  target  an 
individual's  calls. 

•  The  delivery  path  of  tapped  calls  to  law  enforcement  creates  a  second  path  that 
unauthorized  eavesdroppers  could  exploit. 

•  Smart  user  devices  make  it  more  likely  that  taps  will  be  discovered. 

•  Minimizing  the  amount  of  traffic  tapped  to  specific  calls  is  very  difficult  and  may 
mean  capturing  more  than  what  has  been  authorized,  possibly  infringing  privacy  laws. 
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urn canes  to  test  disaster  recovery 


Defining  disasters 


Gartner  suggests  that  customers  develop  a  service-level  classification  system  for  their  applications, 
such  as  the  one  here,  as  part  of  a  disaster  recovery  plan. 


Class 


Business  process  services 


Recovery  time  objective 


Customer/partner  facing  systems  and  applications. 


Zero  to  four  hours 


Less  critical  revenue  producing  functions,  such  as  supply  chain. 


Eight  to  24  hours 


Enterprise  back  office  functions. 


Three  days 


Departmental  functions. 


Five-plus  days 


BY  DENI  CONNOR 

ORLANDO  —  With  Tropical 
Storm  Alberto  threatening  to  dam¬ 
age  parts  of  Florida  last  week, 
much  attention  at  Gartner’s 
Storage  Summit  turned  to  the  sub¬ 
jects  of  disaster  recovery  and 
business  continuity 

“We  live  DR,"  said  Chris  Chris¬ 
tian,  network  designer  for  ship¬ 
ping  and  transportation  company 
Norfolk  Southern  in  Atlanta, 
which  has  implemented  a  disas¬ 
ter  recovery  plan  that  involves 
replication  of  data  between  stor¬ 
age-area  networks  (SAN)  joined 
with  McData  switches  about  30 
miles  apart  from  each  other. 

“We  test  our  DR  plan  monthly 
and  do  full  testing  every  quarter,” 
Christian  said. “In  addition,  we  do 
unannounced  quarterly  testing  of 
our  systems.” 

Genuine  Parts  in  Kennesaw, 
Ga.,  isn’t  to  that  point  with  its  dis¬ 
aster  recovery  system,  but  it  does 
have  a  $2  million  project  ready 
for  implementation,  said  Ken 
Buettner,  director  of  database 
development. 

“About  the  time  a  hurricane 
hits  Atlanta  will  be  the  time 
when  management  will  want  to 
put  in  place  some  disaster  recov¬ 
ery  planning,”  said  Buettner,  who 
expects  to  use  EMC’s  MirrorView 
to  replicate  data  between  EMC 
Clariion  CX  SANs  in  Atlanta  and 
Dallas. 

Donna  Scott,  vice  president  and 
distinguished  analyst  for  Gartner, 
said  during  her  presentation  on 
“Disaster  Recovery  and  Data 
Replication  Architectures”  that  or¬ 
ganizations  got  a  lot  more  serious 
about  disaster  recovery  after  the 
Sept.  1 1  terrorist  attacks  and  many 
have  followed  through  with  solid 
plans. 

Of  the  approximately  80  cus¬ 
tomers  attending  Scott’s  presenta¬ 
tion,  44%  said  they  are  involved  in 
developing  a  disaster  recovery 
plan.Thirty  percent  said  they  have 
plans  in  place  and  do  regular  test¬ 
ing.  Only  6%  of  respondents  say 
they  do  the  type  of  diverse  testing 
Norfolk  Southern  does. 

“There’s  nothing  worse  than  set¬ 
ting  up  the  most  resilient  system 
in  the  world  and  only  having  it  not 
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work  when  you  need  it  because 
you  made  changes  to  the  net¬ 
work,”  Scott  said. 

Scott  recommended  that  com¬ 
panies  assess  the  type  of  disaster 
recovery  they  need  for  certain 
applications  and  set  service-level 
agreements  for  their  recovery  She 
urged  companies  to  consider 
application/transaction-level  dis¬ 
aster  recovery,  database  log  re¬ 
covery,  storage  controller-based 
synchronous  replication,  storage 
controller-based  asynchronous 
replication  and  host-based 
recovery. 

Most  companies  can  withstand 
some  data  loss,  so  asynchronous 
replication  is  usually  fine,  though 
synchronous  replication  is  better 
when  no  data  can  be  spared, Scott 
said.  The  drawback  with  synchro¬ 
nous  replication  is  that  there  can 
be  distance  limitations  (about  62 
miles), she  said. 

Buettner  and  Christian  have 
both  chosen  asynchronous  repli¬ 
cation  for  their  businesses. 

“We  have  a  data  processing  cen¬ 
ter  in  Dallas  that  is  ideally  geo¬ 
graphically  set  for  disaster  recov¬ 
er^’  Buettner  said.  “Synchronous 
replication  over  that  distance 
would  never  be  able  to  keep  up.” 


Other  users,  especially  those 
with  Microsoft  Exchange  and 
SQL  Server  applications,  have 
chosen  host-based  replication 
software  for  their  disaster  recov¬ 
ery  operations. 

“As  data  is  written,  there  is  a 
device  driver  that  captures  the 
write  and  writes  it  on  a  server  on 
the  other  side  of  the  network,” 
Scott  said.“Most  of  these  solutions 
offer  point-in-time  snapshots.  The 
most  popular  solutions  are  from 
Double-Take  Software,  XOsoft  and 
the  Neverfail  Group.” 

Charlie  Pelton,  CIO  and  vice 
president  of  Market  Street  Mort¬ 
gage  in  Clearwater,  Fla.,  said  his 
company  has  a  good  disaster  re¬ 
covery  plan  but  he  still  canceled 


his  plans  to  attend  the  conference 
to  prepare  for  Alberto. 

“Our  hot  site  is  built  specifically 
for  disaster  recovery  operations,” 
he  said.  “It  has  multiple  power 
grids,  multiple  telecommunica¬ 
tions  carriers  coming  into  there, a 
generator  that  will  run  a  week, 
two  weeks  without  refueling.  It’s 
worked  six  times  over  the  past 
two  years.” 

Pelton  uses  Neverfail’s  Neverfail 
for  Exchange  and  Heartbeat  to 
protect  his  loan  origination  and 
e-mail  applications. 

With  power  failures  from  hurri¬ 
canes  last  year  of  24  to  72  hours, 
Neverfail’s  software  failed  over 
servers  in  five  to  seven  minutes, 
he  said. 


“Since  the  hurricanes  of  last  year 
we’ve  added  a  48-person  trailer 
that  we  can  relocate  to  multiple 
locations  throughout  the  states,  so 
they  have  a  place  to  work  in  case 
the  building  is  not  available,”  said 
Pelton,  who  guarantees  applica¬ 
tion  availability  24/7. 

Gartner’s  Scott  offered  that  the 
most  important  parts  of  disaster 
recovery  are  considering  require¬ 
ments  during  any  new  project 
design  phase  to  match  an  appro¬ 
priate  solution  to  business  re¬ 
quirements  and  testing.  “It  is  only 
as  a  result  of  testing  that  an  enter¬ 
prise  can  be  confident  about  its 
plan  as  well  as  improve  the  plan 
through  refining  procedures  and 
process,”  she  said.  ■ 


SOX  may  push  public  firms  to  go  private 


BY  ANN  BEDNARZ 

The  cost  to  comply  with  the  Sarbanes- 
Oxley  Act  fell  slightly  in  2005  —  but  not 
enough  to  deter  some  public  companies 
from  going  private. 

Fed  up  with  the  SOX  cost  burden,  21%  of 
companies  that  responded 
to  law  firm  Foley  & 

Lardner’s  latest  study  say 
they  are  considering  going 
private.  Other  options  re¬ 
spondents  are  consider¬ 
ing  include  selling  the 
company  (10%)  and 
merging  with  another 
company  (8%). 

In  2005,  costs  associated 
with  corporate  gover¬ 
nance  reform  dropped 
16%  for  companies  with  less  than  $1  billion 
revenue  and  6%  for  companies  with  more 
than  $1  billion  revenue,  reports  Foley  & 
Lardner  in  its  fourth  annual  SOX  study, 
released  last  week. 

The  savings  stem  from  decreased  produc¬ 
tivity  losses,  legal  fees  and  initial  setup  costs. 


However,  audit  fees  increased,  as  did  the  cost 
of  board  compensation  and  liability  insurance 
for  directors  and  officers. 

Many  industry  watchers  expected  audit 
fees  would  drop  during  public  companies’ 
second  year  of  complying  with  SOX  Section 
404,  which  requires  com¬ 
panies  to  attest  to  the 
effectiveness  of  controls 
put  in  place  to  protect 
financial  reporting  sys¬ 
tems  and  processes.  But 
instead  they  increased: 
Audit  fees  rose  22%  for 
small  companies,  6%  for 
midsize  companies  and 
4%  for  large  companies 
(as  defined  by  Standard 
&  Poor’s  indexes). 

“The  increase  is  disproportionately  impact¬ 
ing  smaller  companies,”  said  Tom  Hartman, 
corporate  governance  study  director  and  busi¬ 
ness  law  partner  at  Foley  &  Lardner,  in  a  tele¬ 
conference. 

The  fees  companies  pay  their  directors 
also  have  climbed  considerably  since  the 


enactment  of  SOX,  because  directors  put  in 
more  time  and  have  greater  accountability 
for  compliance.  Overall  annual  director 
fees  have  increased  an  average  of  71%  for 
small  companies,  64%  for  midsize  compa¬ 
nies,  and  58%  for  large  companies  between 
2001  and  2005. 

For  companies  of  all  sizes,  audit  fees  repre¬ 
sent  the  biggest  portion  of  those  expenses,  fol¬ 
lowed  by  the  cost  of  lost  productivity  While 
down  from  2004  levels,  lost  productivity  none¬ 
theless  cost  each  small  company  $563,000  last 
year  and  each  large  company  $2.46  million, on 
average,  Hartman  said. 

Many  companies  polled  think  the  SOX 
legislation  is  overkill.  Eighty-two  percent 
said  corporate  governance  and  public  dis¬ 
closure  reforms  are  too  strict.  For  the  first 
time  in  four  years,  not  a  single  respondent 
said  the  reforms  are  not  strict  enough, 
Hartman  said. 

Foley  &  Lardner’s  study  includes  data  from 
114  survey  respondents  and  850  proxy  state¬ 
ments  of  public  companies.  Full  study  results 
are  available  on  Foley  &  Lardner’s  Web  site 
(www.  nwdocfi  nder.com/3955)  .■ 


SOX  tally 

Companies  with  less  than  $1  bil¬ 
lion  revenue  spent  an  average  of 
$2.9  million  to  comply  with 
Sarbanes-Oxley  legislation  in 
2005,  while  larger  companies 
spent  $11.5  million,  according  to 
law  firm  Foley  &  Lardner. 
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Nortel  to  dig  into 
branch-office  nets 


BY  PHIL  HOCHMUTH 

Nortel  is  expected  to  launch  its 
first  branch-office  WAN  optimiza¬ 
tion  product  this  week,  entering 
an  emerging  but  crowded  mar¬ 
ket. 

Nortel’s  Business  Continuity  Sys¬ 
tem  (BCS)  is  an  appliance  that 
sits  on  both  ends  of  a  WAN  link  to 
speed  remote  file  access  by 
branch-office  users.  Nortel  is 
using  Windows  Server  2003  Re¬ 
lease  2  and  wide-area  file  services 
(WAFS)  technology  from  Tacit 
Networks  (bought  by  Packeteer  in 
May)  in  the  product. 

Over  the  last  year,  the  WAN 
acceleration  market  has  been 
hot.  Juniper  and  Cisco  went  on 
buying  sprees  in  2005,  purchasing 
smaller  companies  with  products 
that  compress  the  size  of  files  and 
speed  protocols  traveling  over 
WAN  links,  as  well  as  replicate 
data  center  environments  at 
branch  offices.  A  host  of  compa¬ 
nies  —  F5  Networks,  Silver  Peak, 
Blue  Coat,  Riverbed  and  Expand 
among  them  —  are  also  releasing 
products  in  this  market. 

For  its  part,  Nortel  is  introducing 
the  BCS  3000  Branch  Office  and 
Data  Center  devices.  BCS  3000s  sit 
at  both  ends  of  aT-1  or  other  WAN 
link,  and  behind  network  routers. 
The  BCS  3000  Branch  Office  box 
is  a  modular  device  with  a  man¬ 
agement  processor  and  three 
slots  for  service  blades.  Blade 
options  include  one  that  runs 
WAFS  software  from  Tacit,  which 
provides  local  file  caching  and 
replication  of  the  Common  Inter¬ 
net  File  System  protocol  environ¬ 
ment  used  for  remote  access  to 
Microsoft-based  files. 

Another  blade  runs  an  embed¬ 
ded  version  of  Windows  Server 
2003  Release  2.  Nortel  technolo¬ 
gists  say  this  combination  of 
WAFS  technology  and  tight 
Microsoft  integration  replicates  a 
complete  Microsoft  server  envi¬ 
ronment  in  the  branch,  with  DNS, 
DHCP  and  file-and-print  services, 
as  well  as  faster  remote  applica¬ 
tion  access. 

“[The  BCS]  integrates  with  the 
Microsoft  domain  and  IPSec  envi¬ 
ronments,”  says  Phil  Edholm,  en¬ 
terprise  CTO  at  Nortel.  “So  this 
[BCS]  node  sitting  between  a 
device  in  the  branch  and  a  server 


Nortel  branches  out 

The  Business  Continuity 
System  (BCS)  3000 
product  line  for  branch 
and  data  center 
connectivity  includes: 

•  A  modular  appliance  design  with 
high-availability  and  remote- 
management  features. 

•  Embedded  Microsoft  Windows  R2 
Server  for  replicating  Windows  server 
environments  in  remote  offices. 

•  Tacit/Packeteer  wide-area  file 
services  technology  for  caching  data 
center  files  remotely  and  speeding 
access  to  centralized  applications. 

•  As  many  as  three  slots,  which  could 
be  used  for  security,  VoIP  or  other 
services. 


in  the  data  center  can  be  part  of  a 
trust  chain.” 

Edholm  says  this  tight  Microsoft 
integration  makes  the  product  dif¬ 
ferent  from  other  WAFS  offerings, 
such  as  Cisco’s  File  Engine  prod¬ 
ucts  and  Juniper’s  WX  and  WXC 
appliances,  because  these  boxes 
don’t  participate  in  a  Microsoft 
Active  Directory  structure  or 
authenticate  to  Microsoft  servers 
via  IPSec. 

The  BCS  3000  Branch  Office 
also  has  remote  configuration, 
management  and  monitoring 
tools  built  into  its  management 
module.  This  lets  administrators 
remotely  make  changes  to  or 
reboot  services  or  Tacit  WAFS  ser¬ 
vices. 

“The  BCS  3000  Data  Center 
device  also  can  be  used  to  con¬ 
nect  larger  data  centers  to  region¬ 
al  data  centers,  or  to  mirror  data 
centers  over  optical  WAN  links. 
Course  wave  division  multiplex¬ 
ing  (CWDM)  optical  connections 
can  be  added  to  the  data  center 
version  to  connect  data  center 
networks  over  long-distance  fiber. 

One  industry  observer  says  the 
integration  of  Microsoft  and  Tacit 
technologies  into  Nortel  network 
gear  could  challenge  WAN  accel¬ 
eration  rivals. 

“Nortel  needed  a  way  to  get 
back  into  branch  offices,”  says 
Joe  Skorupa,  a  research  vice  pres- 

See  Nortel,  page  18 


Exchange 

continued  from  page  1 

to  receive  mail.”  With  earlier  versions  of  Exchange, 
servers  in  the  DMZ  were  viewed  as  a  security  risk. 

Another  major  area  of  change  will  be  clustering. 
Users  will  be  able  to  cluster  only  servers  deployed 
in  the  mailbox  role.  Edge  servers,  which  supply  e- 
mail  hygiene  services  such  as  anti-virus  and  anti¬ 
spam  protection,  will  be  required  to  run  on  a  ded¬ 
icated  server  and  with  Active  Directory  Appli¬ 
cation  Mode. 

“We  had  our  routing  [service]  on  a  cluster,  and 
now  it  needs  to  go  somewhere  else,  and  that  means 
more  servers,”  says  Christopher  Wenzel,  applications 
analyst  for  law  firm  Fatten  Muchin  and  Rosemann. 
Wenzel,  who  has  clusters  running  in  four  of  his  five 
Exchange  sites  around  the  United  States,  noted  that 
best  practice  guidance  from  Microsoft  for  Exchange 
2003  was  to  cluster  servers.“In  the  past,  the  idea  was 
server  consolidation,  but  not  anymore.  Now  it  is  scal¬ 
ing  out  again.  My  footprint  increases  in  that  I  need 
more  servers  and  more  money  for  licensing” 
Exchange  and  Windows. 

Microsoft  has  yet  to  release  licensing  option 
requirements  for  Exchange  2007. 

Wenzel  says  the  new  Clustered  Continuous 
Replication,  which  allows  for  geographically  dis¬ 
persed  clusters  and  prevents  against  site  failures, 
may  be  more  than  he  wants. 

“Most  of  my  outages  are  not  site  failures.  I  don’t 
want  Exchange  to  fail  over  from  Los  Angeles  to 
Chicago,”  he  says. 

But  Wenzel  says  the  need  for  unified  messaging,  a 
major  new  feature  of  Exchange  2007,  is  driving  his 
upgrade  plan,  along  with  improvements  in  Outlook 
Web  Access  and  search. 

“We  have  never  been  afraid  of  upgrades.  If  they  add 
to  the  productivity  of  our  attorneys,  then  we  think  it 
is  worth  it,”  he  says. 


Microsoft  is  expected  to  introduce  enough  infra¬ 
structure  changes  that  experts  say  users  with  multi¬ 
site,  multiserver  Exchange  installations  must  careful¬ 
ly  plan  their  Exchange  2007  architectures. 

“Users  have  to  rethink  the  infrastructure  stuff  with 
front-end  and  back-end  servers,” says  Peter  Pawlak,an 
analyst  with  Directions  on  Microsoft.  “Now  it  is  all 
about  client-access  servers,  mailbox  servers,  trans¬ 
port  servers  and  unified  messaging.” 

Pawlak  says  the  changes  should  be  positive  for 
users,  including  tying  Exchange  to  the  Active 
Directory  site  structure. 

“If  the  Active  Directory  site  is  designed  correctly, 
this  should  make  Exchange  administration  easier)  he 
says. ‘Administrators  no  longer  have  two  site  struc¬ 
tures  to  design.” 

The  Exchange-Active  Directory  match  isn’t  the  only 
dependency  in  Exchange  2007. 

Users  will  need  at  least  one  client-access  server 
and  one  hub  server  in  each  site  that  contains  a 
mailbox  server.  Those  roles,  however,  can  run 
together  on  the  same  server.  And  both  those 
servers  will  have  to  be  Exchange  2007  servers  to 
support  Exchange  2007’s  revamped  Outlook  Web 
Access  client. 

Users  also  might  find  that  32-bit,  third-party  plug-ins 
to  Exchange,  especially  those  that  run  on  the  server, 
may  not  run  properly 

“Many  of  the  32-bit  applications  will  run,”  says 
Dave  Thompson,  corporate  vice  president  of  the 
Exchange  group  at  Microsoft. “But  they  will  have 
to  be  considered  on  a  case-by-base  basis.  The 
ones  that  won’t  [run  on  32-bit]  will  need  a  com¬ 
patibility  kit.” 

For  unified  messaging,  users  will  have  to  integrate 
Exchange  with  a  PBX,and  Microsoft  has  yet  to  detail 
the  technical  aspects  of  that  union. 

“It  is  not  trivial  connecting  a  PBX  to  Exchange,  and 
people  will  not  [change]  out  their  PBX  for  this  prod¬ 
uct,”  Pawlak  says.  ■ 


Exchange  server  role  architecture 

Exchange  2007  will  introduce  five  server  roles  that  users  will  have  to  deploy  to  build  their 
infrastructure.  Some  of  the  roles  can  be  grouped  on  a  single  machine,  but  others  will  need  to 
run  on  dedicated  machines.  Existing  versions  of  Exchange  have  only  two  roles:  front-end  and 
back-end.  The  new  architecture  is  designed  for  better  security  and  manageability. 
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network  threats  before  they  impact  your  business. 


How  do  you  ensure  compliance  and  manage  costs  when  your  security  is  less  than  certain?  Even  "zero-day"  solutions  aren't  fast  enough  to 
protect  against  losses  once  an  Internet  attack  hits.  The  alternative  is  preemptive  security  from  Internet  Security  Systems.  Because  our  enterprise 
solutions  are  based  on  the  world's  most  advanced  vulnerability  research,  only  ISS  can  can  offer  preemptive  security  and  stop  threats  More  they 
impact  your  business.  So  why  rely  on  "reaction"  when  security  can  be  a  sure  thing? 

Need  proof?  Get  a  free  whitepaper,  Preemptive  Security:  Changing  the  Rules ,  at  www.iss.net/proof  or  call  800-776-2362. 

Internet  |  Security)  Systems* 

Ahead  of  the  threat  ' 
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Wireless  companies  to  watch 


Company  name 

Azima 

DiVitas  Networks 

G2  Microsystems 

Entellium 

NewLANS 

Headquarters 

Woburn,  Mass. 

Mountain  View,  Calif. 

Oakland,  Calif. 

Seattle 

Westford,  Mass. 

Founded 

2003 

2005 

2004 

2000 

N/A 

Funding 

$5.5  million 

$6  million 

$8  million-plus 

$10  million-plus 

N/A 

Primary  focus 

Predictivo  maintenance  via 
sensors  enabled  via  WLANs. 

n,nf«rii-,-nn — T- |r--—  ■ 

Enterprise  software  that  lets 
mobile  smart  phones  roam 
between  VoIP  over  WLANs 
and  cellular  networks. 

Ultra  low-power  multi- 
frequency  radio  chipset  for 
802.11-based,  active  RFID 
tags  for  asset  tracking  and 
location  services. 

Hosted  on-demand  CRM 
vendor  introducing  Java  client 
designed  for  smart  phones 
and  PDAs. 

Software  and  possibly  silicon 
design  for  multigigabit  WLAN 
in  the  60-GHz  band. 

Worth  noting 

_ 

Company  name  based  on  an 
incantation  in  an  ancient 

North  African  dialect,  to  drive 
away  evil  spirits,  hence  its 
application  in  preventing 
failure. 

Company  name  was  derived 
from  the  names  of  the 
founders,  "with  some 
liberties." 

Australian  founders  were 
formerly  chip  designers  for 
Radiata,  acquired  in  the 

1990s  by  Cisco  for  its 

802.11a  chipset 

Design  inspiration:  Apple’s 
one-handed  iPod. 

Founder  Dev  Gupta  has  been 
called  a  "serial  entrepreneur." 
His  other  start-ups  include 
cable  broadband  equipment 
maker  Narad  Networks,  DSL 
gear  vendor  Dagaz  and 
convergence  company 
MaxComm  Technologies. 

Wireless 

continued  from  page  1 

plant’s  network.  Azima  uses  vari¬ 
ous  encryption  schemes  and 
other  techniques  to  keep  the  data 
separate  from  the  rest  of  the  net¬ 
work.  The  data  is  sent  via  an 
Internet  connection  to  Azima’s 
hosted  data  center,  where  it’s  sift¬ 
ed  by  a  bundle  of  Azima  analyti¬ 
cal  tools. 

Most  current  customers  make 
use  of  a  service  that  includes  diag¬ 
nosticians  who  monitor  customer 
networks  and  advise  clients  on 
potential  problems. 

“Wireless  is  the  enabler’’  says 
Jonathan  Hakim,  Azima’s  CEO.  “It 
makes  possible  low-cost  plant 
deployments." 

DiVitas  Networks 

DiVitas  Networks  debuted  in 
April,  and  plans  to  announce  for¬ 
mally  its  Wi-Fi/cellular  conver¬ 
gence  product  later  this  year. 

The  idea  of  having  a  smart¬ 
phone  that  can  shift  seamlessly 
between  cellular  networks  and 
VoIP  on  WLANs  is  attractive:  It 
bridges  the  gulf  between  sepa¬ 
rate  communications  media. 
Voice,  text  and  enterprise  appli¬ 
cations  can  be  brought  to  a  sin¬ 
gle  handset. 

Bridgeport  Networks,  Verisign 
and  newcomer  Cicero  Networks 
are  vendors  already  in  this  mar¬ 
ket,  but  most  of  these  companies 
focus  on  software  that  resides  on 
carrier  networks.  DiVitas  is  creat¬ 
ing  enterprise  software  that  runs 
behind  a  customer’s  firewall,  and 
works  with  any  carrier  and  cellu¬ 
lar  network,  according  to 
Richard  Watson,  the  company’s 
director  of  product  manage¬ 
ment.  Nothing  has  to  be  added  to 
the  carrier  network. 

DiVitas  won’t  go  into  specific 
product  details  at  this  point. 

It’s  currently  doing  interoper¬ 
ability  testing  with  a  range  of 
WLAN  vendors,  including  Meru, 
Symbol  Technologies  and  Tra¬ 
peze  Networks. 

G2  Microsystems 

G2  is  a  fabless  semiconductor 
designer.  Its  product  is  an  ultra 
low-power  chip  that  combines  an 
802.1  lb  radio  with  the  ISO  24730 
protocol  for  location  services,  a 
900-MHz  Electronic  Product  Code 
interface  and  an  interface  that  lets 
various  sensors  attach  directly. 

G2’s  silicon  will  be  the  heart  of 
an  active  RFID  system  based  on 
802. 1 1 .  Because  it’s  active,  not  pas¬ 


sive,  a  tag  with  the  G2  chip  sends 
out  its  own  signal,  eliminating  the 
need  for  a  complex  and  costly 
infrastructure  of  reader  devices. 
Because  it’s  802.1 1-based,  the  tag 
can  exploit  already  installed 
WLANs  at  plants,  warehouses, 
docks  and  other  locations. 

The  company  uses  several  algo¬ 
rithms  for  fixing  a  tag’s  location, 
says  John  Gloeker,  CEO. 

“People  are  starting  to  realize 
that  [passive]  RFID  is  very  expen¬ 
sive,”  Gloeker  says.  “Most  cus¬ 
tomers  want  to  track  just  a  few 
items.  802.11  lets  you  leverage 
your  existing  infrastructure.” 

The  low  power  demand  of  the 
chip  means  batteries  have  to  be 
replaced  much  less  frequentlysav- 
ing  a  lot  of  money  and  time. 

The  production  release  of  the 
G2  chip  is  scheduled  for  this 
September. 

Entellium 

Entellium,  in  Seattle,  is  a  hosted 
CRM  vendor  founded  in  2000.  It 
introduced  last  week  a  sales  force 
automation  application  created 
with  the  help  of  video  game 
designers. 

The  application,  eMobile,  was 
designed  from  the  ground  up  for 
mobile  or  wireless  users. 
Entellium  hired  professional 
gamers  as  part  of  eMobile’s 
design  team.  Almost  the  first  step 
was  to  throw  out  Windows  GUI 
conventions. 

“The  typical  Windows  Forms 
interface  is  in  our  opinion  an 
obstacle  to  use,”  says  Paul 
Johnston, Entellium  president  and 
CEO.“We  think  the  No.  1  design  cri¬ 
teria  is:  Be  able  to  use  this  appli¬ 
cation  with  one  hand.”  The  inspi¬ 


ration:  Apple’s  iPod. 

The  application  is  written  in 
Java  and  runs  on  any  handset  or 
mobile  device  with  a  Java  virtual 
machine.  Users  connect  to 
Entellium’s  service  over  General 
Packet  Radio  Service  or  En¬ 
hanced  Data  Rates  for  GSM 
Evolution  cellular  networks,  and 
log  on.  They  use  a  thumb  wheel 
on  the  handset  to  navigate 
through  a  series  of  carefully 
designed,  nested  menus,  such  as 
What’s  New  and  Today  and  drill 
down  into  details  through  nested 
pick  lists. 

Trie  application  takes  about 
400K  to  500KB  of  memory  It  can 
cache  a  certain  amount  of  data 
locally  If  the  connection  drops, 
eMobile  is  smart  enough  to  know 
whether  an  update  completed 
and  if  not, to  finish  it  when  the  link 
is  restored. 

NewLANS 

NewLANS  is  developing  tech¬ 
nology  that  will  deliver  multi¬ 
gigabit  WLANs.  That’s  multi-giga- 
bit.That  means  creating  a  wireless 
link  to  the  client  PC  that’s  compa¬ 
rable  in  every  respect  to  a  Gigabit 
Ethernet  wire. 

The  company  proposes  to  use 
7  GHz  of  unlicensed  spectrum  in 
the  60-GHz  band.  The  spectrum 
was  freed  by  the  FCC  for  this  pur¬ 
pose  a  few  years  ago. 

The  company  was  founded  by 
Dev  Gupta, and  very  few  details  of 
its  backing  or  development  are 
public.  In  various  research  papers, 
company  officers  outline  the  de¬ 
velopment  of  media  access  con¬ 
trol  and  physical  layers  for  the  60- 
GHz  band,  and  note  that  together 
these  layers  can  support  a  wire¬ 


less  network  that  seamlessly  spans 
outdoors  and  indoors.  Small, 
smart  antennas  will  improve  net¬ 
work  reliability  significantly  for 
the  gigabit  WLAN. 

A  new  wireless  infrastructure 
architecture  will  have  to  be  devel¬ 
oped  for  the  enterprise,  according 
to  one  paper.  A  key  element  will 
be  an  aggregator,  a  Layer  2  device 
that  will  terminate  wired  connec¬ 
tions  from  the  new  access  points 


and  sit  in  the  enterprise  data  cen¬ 
ter.  That  will  eliminate  the  wiring 
closet  switches  needed  for  today’s 
802.1 1-based  WLANs,  according 
to  the  paper. 

The  aggregator  also  will  control 
and  manage  the  wireless  clients 
and  coordinate  load  balancing 
among  the  access  points. 

NewLANS  is  not  alone.  Extricom 
and  SiBeam  are  also  reportedly 
aiming  at  gigabit  wireless.  ■ 


Gates 

continued  from  page  8 

Groove  Networks. 

Craig  Mundie, another  CTO  for  the  company  will  immediately  take  the 
title  of  chief  research  and  strategy  officer  and  work  with  Gates  to  take 
over  his  responsibility  for  Microsoft’s  research  and  incubation  efforts. 
Mundie  also  will  partner  with  general  counsel  Brad  Smith  to  guide 
Microsoft’s  intellectual  property  and  technology  policy  efforts. 

Gates  said  Microsoft  would  continue  to  thrive,  mostly  based  on  the 
talent  and  commitment  at  the  company 

“The  world  has  focused  a  disproportionate  amount  of  attention  on 
me,”  he  said.  “In  reality,  Microsoft  has  always  had  a  strong  depth  and 
breadth  of  technical  talents.” 

Experts  say  it  won’t  be  a  talent  hit  that  Microsoft  takes  but  more  of  a 
visibility  hit. 

“Gates  is  one  of  the  larger-than-life  individuals  who  exist  in  the  tech¬ 
nology  industry,  he  is  a  huge  part  of  Microsoft’s  identity,  and  with  his 
departure  Microsoft  will  be  forever  changed,”  says  Rob  Enderle,  presi¬ 
dent  of  the  Enderle  Group  and  a  Microsoft  observer  for  many  years. 
“But  all  corporations  go  through  this.” 

Ballmer  said  the  transition  would  not  cause  a  ripple  in  the  company. 

“We  plan  to  make  a  smooth  and  orderly  transition  to  a  new  set  of 
technical  leaders  without  missing  a  beat.”  He  also  said  Gates' 
announcement  was  an  emotional  day  for  him  given  their  close  per¬ 
sonal  relationship,  but  predicted  that  his  friend  would  go  on  to 
become  the  greatest  philanthropist  of  all  time. 

Enderle  says  the  focus  is  now  on  Ballmer’s  future. 

“The  expectation  is  that  Steve  leaves  sometime  within  a  two-  to  five- 
year  window;”  Enderle  says.“When  you  have  executives  with  roughly 
the  same  start  date  and  roughly  the  same  age  they  leave  within  10 
years  of  each  other.  1  think  Steve  will  leave  no  sooner  than  two  years 
but  no  more  than  five.”H 
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siness  execs  share  IT  lessons 


FedEx,  HP,  Boston  Scientific  speak  out  at  I  DC’s  IT  Forum  &  Expo. 
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BY  JOHN  COX 

BOSTON  —  FedEx  three  years  ago  launched 
a  sweeping  IT  transformation  project  based 
on  a  key  insight  by  CIO  Rob  Carter.  He 
amassed  data  and  created  a  bewildering 
“spaghetti  chart”  that  showed  how  a  spate  of 
acquisitions  was  creating  an  ever  more  com¬ 
plex  and  costly  IT  infrastructure. 

“We’re  broken,”  he  told  his  top  managers, 
including  Dorothy  Berry  who  was  vice  presi¬ 
dent  of  the  IT  strategy  management  office  that 
oversaw  the  project. 

Berry  was  among  a  host  of  IT  professionals 
who  shared  their  lessons  learned  last  week 
at  the  IT  Forum  &  Expo,  an  event  in  Boston 
hosted  by  IDC.  The  conference  focused  on 
how  IT  can  enable  organizations  to  reinvent 
themselves,  grow  and  succeed,  but  only  if  IT 
and  network  professionals  think  in  strategic 
business  terms. 

Berry  told  of  how  FedEx’s  divisions  were 
meeting  one  FedEx  precept, “operate  indepen¬ 
dent!^’ but  failing  in  another,  “compete  collec¬ 
tively!’  Among  other  things,  she  said  Carter 
cited  customer  complaints  about  widely  dif¬ 
fering  business  rules  from  one  FedEx  division 
to  another. 

Carter’s  critical  insight,  Berry  said,  was  realiz¬ 
ing  that  these  trends  meant  FedEx’s  vaunted  IT 
group  would  soon  be  an  anchor  holding  back 
the  company’s  growth. 

Berry  admitted  she  and  others  resisted  that 
conclusion  until  Carter’s  data  made  it  undeni¬ 
able.  The  main  goal  of  the  transformation 
effort,  carried  throughout  the  IT  organization, 
was  to  be“fast  and  flexible  in  meeting  business 
goals.”To  prevent  this  from  being  an  empty  slo¬ 
gan,  an  essential  part  of  the  IT  transformation 
was  to  identify  the  measures  and  data  that 
could  be  used  to  assess  the  IT  group’s 


strengths  and  weaknesses  and  measure  its 
progress,  she  said. 

Other  speakers  described  similar  conflicts 
—  business  metrics  trending  in  unsustain¬ 
able  directions,  calling  for  a  kind  of  careful 
radicalism  in  reordering  business  processes 
that  would  be  powered  by  corresponding 
changes  in  IT. 

HP  was  facing  rising  warranty  costs,  coupled 
with  new  federal  laws  that  required  compa¬ 
nies  to  set  aside  reserve  monies  to  cover  them, 
said  Neal  Elgersma,  executive  director  for  HP’s 
discrete  manufacturing  solutions.  Further,  the 
company  realized  it  lacked  the  needed  pro¬ 
cesses  and  tools  to  manage  and  minimize 
these  costs. 

“IT’s  role  is  to  listen  and 
then  tell  the  truth.” 

Dorothy  Berry,  vice  president  of  IT  strategy  man¬ 
agement  office,  FedEx 

HP  mapped  out  the  variables  in  its  warranty 
process,  matched  these  with  available  third- 
party  software  tools,  and  then  filled  in  the  gaps 
with  its  own  software  development,  including 
for  the  first  time  a  common  database  for  all 
warranty  information. The  far-ranging  changes 
let  managers  see,  for  example,  that  when  repair 
sites  replaced  a  failing  modem  in  one  laptop 
model,  the  process  unknowingly  often  also 
cracked  part  of  the  keyboard,  which  would 
have  to  be  separately  repaired.  With  the  newly 
transparent  warranty  process,  HP  made  simple 
changes  in  the  modem  repair  process,  avoid¬ 
ing  the  extra  damage  and  cost. 

Elgersma  said  that  with  results  like  this,  HP 
will  save  $600  million  in  reduced  warranty 
costs,  money  that  falls  directly  to  the  compa¬ 
ny’s  bottom  line. 

By  the  late  1990s,  Boston  Scientific,  after 
years  of  high  but  not  necessarily  profitable 
growth,  found  its  supply  chain  breaking  down, 
said  Robert  Cantow,  the  company’s  group  vice 
president  for  supply  chain.  Some  of  the  symp¬ 
toms  resulted  in  frequent  ‘stock-outs,’  resulting 
in  a  growing  number  of  expedited  shipments 
at  premium  freight  costs,  he  said. 

The  company  did  an  end-to-end  diagnosis  of 
its  supply  chain  and  made  extensive  changes 
to  business  processes  at  every  stage.  Among 
the  key  IT  changes  were  a  global  ERP  deploy¬ 
ment  based  on  SAP’s  software  suite,  supply 
chain  modeling  software  and  sophisticated 
revenue  forecasting  tools,  Cantow  said. 

“IT  by  itself  doesn’t  fix  a  problem,”  he  said. 
“But  it  accelerates  what  we  can  do.”  The  model 
used  by  Boston  Scientific  was  to  assess  and 
diagnose,  pilot  and  evaluate,  roll  out  and 
adjust,  Cantow  said. 

IT-enabled  business  transformation  has  dri¬ 
ven  growth  and  profitability  for  Westchester 
Medical  Group,  a  physicians’  practice  in  White 
Plains,  N.Y  Simeon  Schwartz,  a  practicing 


physician  and  CEO  of  Westchester  Medical, 
describes  an  unforgiving  economic  environ¬ 
ment  for  medical  practices,  which  face  little  or 
no  rise  in  reimbursement  rates,  rising  costs  for 
labor  insurance  and  supplies. 

The  practice  opted  to  create  a  paperless 
office,  through  what’s  called  an  electronic 
medical  record.  But  this  change  drove  a  wide 
range  of  other  business  workflow  changes  to 
automate  large  parts  of  day-to-day  opera¬ 
tions,  from  billing  and  settlement  to  lab  tests 
and  reports  —  about  20  different  systems 
altogether. Westchester  also  is  piloting  self-ser¬ 
vice  kiosks  in  its  offices  so  that  patients  can 
check  themselves  in  for  scheduled  appoint¬ 
ments,  and  has  created  a  secure  Web  portal 
where  patients  can  see  their  medical  records 
and  billing  information. 

Creating  the  interfaces  among  the  off-the- 
shelf  software  applications  was  a  complex 
process,  Schwartz  said. The  laboratory  process 
was  reworked  four  times  to  create  a  stream¬ 
lined,  usable  and  highly  automated  system. 
The  medical  group  participated  as  a  beta  site 
for  the  software  vendors,  and  made  use  of 
some  outside  IT  consultants  to  supplement  its 
five  full-time  IT  professionals,  including  one 
database  administrator  who  supported  80 
physicians. 

With  the  business  process  changes  and  the 
IT  infrastructure,  a  new  culture  had  to  be  cre¬ 
ated  for  the  entire  organization, Schwartz  said. 
“People  had  to  take  ownership  of  their  prob¬ 
lems,”  he  said.  “We  became  a  results-oriented 
[business]  culture.” 

Results  have  been  dramatic.  A  few  years  ago, 
the  group  had  at  least  25  people,  and  some¬ 
times  twice  that  number,  devoted  full-time  to 
handling  paper-based  processes.  Today  there 
are  three  or  four.  The  lab  performs  700,000  to 
800,000  tests  a  year,  with  just  three  full-time 
employees.  Revenue  has  grown  from  $25  mil¬ 
lion  to  $60  million. 

With  these  kinds  of  technology-enabled 
changes,  Schwartz  said,  clinical  productivity 
gains  of  25%  to  35%  are  “easily  achievable.” 

Change  management  on  such  a  scale  “must 
be  a  careful,  thoughtful  plan,”  FedEx’s  Berry 
said.  “IT’s  role  is  to  listen  and  then  tell  the 
truth.”* 
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Nortel 

continued  from  page  14 

ident  at  Gartner.  “Cisco  has  a  very  large  per¬ 
centage  of  the  branch  office.This  is  a  way  for 
Nortel  to  position  Cisco  as  plumbing  supplier, 
and  to  tell  customers  how  to  build 
[advanced]  network  services  on  top  of  Cisco 
plumbing.” 

Making  the  BCS  3000  modular  could  help 
Nortel  deploy  more  kinds  of  services  to 
branches,  and  perhaps  even  supplant  Cisco  in 
some  environments. 

“[Nortel]  will  use  the  BCS  to  roll  out  other 
technologies;  they  could  put  one  of  their  new 
branch-office  router  cards  in  it  or  they  could 
put  firewalls, security  or  voice  over  IP  services,” 
Skorupa  says. 

The  BCS  3000  starts  at  $8,500  for  branch 
offices  with  fewer  than  20  users.  The  BCS  for 
branches  with  as  many  as  100  users  starts  at 
$1 7,000.  CWDM  connections  for  the  BCS  3000 
start  at  $18,000.* 
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»  Control ...  that  really  works.  Only  Juniper  Networks  offers  Unified  Access  Control  with  easy  out-of-the-box  deployment, 
effortless  integration  and  built-in  performance  —  keeping  your  enterprise  incredibly  productive  while  ensuring  security 
policy  compliance.  Whether  it’s  a  virus  riding  in  on  an  unsuspecting  employee’s  laptop,  a  mobile  guest  using  an 
unknown  device  or  a  stealthy  hacker,  Juniper’s  UAC  constantly  monitors  all  users  and  access  levels,  ensuring  the 
right  people  get  resources  while  safeguarding  your  enterprise.  Rest  assured,  you're  secure:  www.juniper.net/uac 
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WET  INFRASTRUCTURE 

■  SECURITY  ■  SWITCHING  Si  ROUTING  H  VPNS  ■  BANDWIDTH  MANAGEMENT  18  VOIP  H  WIRELESS  LANS 


Aruba 
simplifies 
WLAN  control 

BY  JOHN  COX 

Aruba  last  week  released  software  for  its 
wireless  LAN  controllers,  featuring 
changes  designed  to  simplify  administra¬ 
tion  of  large-scale  networks. 

The  new  features  let  the  powerful  Aruba 
Mobility  Controller  take  on  additional 
tasks.  First,  the  software  simplifies  the 
assigning  of  IP  addresses  for  many  mobile 
users  through  a  technique  called  virtual 
LAN  pooling  (see  graphic  at  www.nwdoc 
finder.com/3937).  Second,  it  offloads 
authentication  traffic  from  back-end 
RADIUS  servers,  minimizing  the  load  on 
those  servers. 

VLAN  pooling  is  Aruba’s  attempt  to 
make  VLAN  administration  and  IP 
addressing  on  WLANs  simpler  for  network 
professionals.  Today  mobile  users  log  on 
and  are  assigned  to  a  VLAN  with  a  set  of 
allocated  IP  addresses.  Users  moving  to 
other  wireless  access  points  on  different 
subnets  need  new  IP  addresses. 

To  assign  new  addresses  using  a  tradi¬ 
tional  VLAN  structure  —  especially  for 
environments  with  many  mobile  users  — 
is  a  painstakingly  complex  process,  says 
Keerti  Melkote,  Aruba’s  co-founder  and 
vice  president  of  marketing.  Aruba’s  soft¬ 
ware  abstracts  VLAN  assignments  from 
the  switches  and  routers  on  the  wired  net¬ 
work,  and  the  WLAN  controller  manages 
the  entire  process. 

That’s  just  what  the  University  of  Calgary, 
in  Alberta,  Canada,  discovered  as  it 
deployed  an  Aruba-based  campuswide 
WLAN.  At  one  point,  600  students  with 

See  Aruba,  page  22 


Short  Takes 


■  NFR  Security  last  week  announced 
two  additions  to  its  Sentivist  intrusion- 
prevention  systems  line,  the  Smart 
Sensor  20  and  the  Smart  Sensor  50, 
both  iower-speed  IPS  models.  The 
Sensor  20,  which  supports  connections 
as  fast  as  20Mbps,  costs  $3,000;  the 
Sensor  50,  which  supports  connections 
as  fast  as  50Mbps,  costs  $4,500. 


Lessons  from  Leading  Users 


No  waste  in  Kimberly-Clark  VoIP  plans 


Consolidation  hybrid 

Consumer  products  manufacturer  Kimberly-Clark  is  consolidating  hundreds 
of  PBXs  into  one  data  center  with  VoIP,  but  keeping  digital  desktop  phones. 


n  Three  data  centers  will  host  Avaya  S8700  Media  Servers  and  other  applications  in  a  redundant 
failover  configuration. _ _ 

B  More  than  200  remote  sites  will  use  Avaya  VoIP  gateways  or  Avaya  PBXs  converted  into  VoIP  gateways 
to  connect  digital  handsets  with  VoIP. 

H  In  the  future,  the  hosted  VoIP  servers  will  combine  voice  with  messaging  and  ERP  software  into  a 
common  interface. 


BY  PHIL  HOCHMUTH 

or  a  company  that  sells  billions  of 
disposable  consumer  products 
each  year,  Kimberly-Clark  is  apply¬ 
ing  a  conservationist’s  approach  to  its 
VoIP  and  IP  telephony  plans. 

The  VoIP  plan  at  Kimberly-Clark  is  to 
consolidate  voice  traffic  for  more  than 
200  sites  into  three  data  centers  while 
retrofitting  existing  Avaya  PBXs  with  gear 
that  will  turn  the  devices  into  digital/VoIP 
gateways.The  revamped  PBXs  will  let  the 
company  keep  the  tens  of  thousands  of 
digital  handsets  now  in  use  while  cen¬ 
tralizing  its  call  processing  and  messag¬ 
ing  applications.  That  move  could  save 
close  to  $10  million  in  new  IP  phone 
costs  if  Kimberly-Clark  upgrades  its  sites 
to  VoIP  while  saving  half  its  Avaya  digital 
phone  installed  base. 

“IP  handsets  will  be  more  of  an  excep¬ 
tion,  rather  than  the  rule”  in  the  VoIP  road 
map,  says  Mike  Post,  senior  manager  of  IT 
communication  services  at  the  Irving, 
Texas-based  company  “For  our  business 
and  how  it  operates,  we  didn’t  see  a  great 
amount  of  value  in  deploying  IP  phones 
widely  ...  so  we’re  going  to  try  and  keep 
our  digital  sets  wherever  we  can.” 

The  $15.9  billion  consumer  products 
maker  has  brands  that  include  Kleenex, 
Huggies  and  dozens  of  other  consumer, 
industrial  and  medical  cleaning  prod- 
ucts.The  company’s  200  locations  world¬ 
wide  include  manufacturing  and  pro¬ 
cessing  plants,  sales,  logistics,  corporate 
and  back-office  sites.  Deploying  IP 
phones  to  more  than  57,000  employees 
would  require  widespread  upgrades  for 
LAN  switches  that  support  Power  over 
Ethernet,  as  well  as  increased  heat, 
power  and  support  cost  considerations 
—  not  to  mention  millions  for  the  new 
phones  themselves. 

“Where  we  see  the  most  value  is  in 
having  the  application  infrastructure 
ready  [for  IP  telephony]  so  that  we  can 
begin  the  integration  of  application  and 
the  voice  environments,”  Post  says. 

Laying  the  groundwork 

Kimberly-Clark’s  current  telecom  infra¬ 
structure  was  built  piecemeal  over  the 
years,  with  PBX  phone  systems  installed 


in  various  regions  without  a  central  plan 
or  single  vendor. 

“We  ended  up  with  a  lot  of  different 
telephone  systems  that  are  not  necessar¬ 
ily  networked  together;”  Post  says. 

The  company  is  in  the  first  phase  of  its 
VoIP  project,  as  it  recently  installed  Avaya 
S8700  Media  Servers  (IP  PBXs)  in  its 
North  American  and  European  data  cen¬ 
ters;  S8700s  in  the  Asia  data  center  have 
yet  to  come  online.These  three  data  cen¬ 
ters  eventually  will  host  most  of  the  call 
processing  for  its  200  sites.  This  will 
involve  transforming  hundreds  of  older 
Avaya  PBXs  into  VoIP  gateways  and 
installing  new  Avaya  gateways  in  sites 
with  non-Avaya  PBX  gear.  (The  company 
is  not  disclosing  how  much  it  is  spending 
on  equipment  and  services  from  Avaya 


during  the  project,  which  is  expected  to 
take  around  three  years  to  complete.) 

Legacy  PBXs  and  Avaya  phones,  which 
are  based  on  digital  TDM  technology  are 
installed  in  about  35%  to  40%  of  the 
company’s  remote  sites.  Call  processing 
and  telephony  features  will  move  from 
individual  PBXs  to  the  S8700s  hosted  in 
the  data  centers.  For  this  to  happen, 
remote  PBXs  will  be  converted  into  VoIP 
gateways  that  link  to  the  data  center 
over  the  IP  WAN.  Inside  the  remote  site, 
the  gateways  will  convert  VoIP  traffic  to 
TDM  and  connect  to  digital  phones 
already  installed  in  the  site. 

PBX  transformation  tools 

Two  types  of  add-on  cards  will  be  key 

See  Kimberly-Clark,  page  22 
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Encryption  on  way, 


SECURITY  INSIDER 
Mike  Rothman 


I  have  a  long  and  tattered  his¬ 
tory  with  cryptography  Ever  since 
1  learned  about  Bob  and  Alice  I 
was  smitten.  I  knew  it  was  impor¬ 
tant  because  cryptographic  algo¬ 
rithms  could  be  used  to  protect 
sensitive  data  and  provide  strong 
authentication  and  nonrepudia¬ 
tion  on  transactions.  I  even 
started  a  company  in  1998  to 
make  the  public-key  flavor  of 
cryptography  easier  to  use. 

Yet  at  every  turn,  customers 
voted  with  their  dollars  to  prove 
encryption  and  public  key  cryp¬ 
tography  were  just  not  interest¬ 
ing.  It  was  too  hard  to  use,  too 
expensive  and  too  much  work  to 
integrate  into  the  infrastructure. 
The  folks  who  pioneered  the 
space  did  themselves  a  huge  dis¬ 


service  by  talking  about  the 
underlying  mathematics  of  cryp¬ 
tography  Though  meant  to  prove 
the  security  of  the  technology,  it 
had  the  effect  of  scaring  every¬ 
one  away. 

But  the  game  is  not  over,  and 
encryption  will  have  its  day  in 
the  sun.  Encryption  has  always 
been  one  of  those  weird  cousins 
who  show  up  at  all  the  family 
functions.  You’re  not  really  sure 
why  they  keep  showing  up 
because  no  one  really  talks  to 
them.Then  one  day  they  blossom 
and  find  their  voice.  They  are 
cool,  and  you  are  glad  they  are 
part  of  the  family 

The  fact  is  that  customers  need 
encryption.  One  of  (if  not  the) 
top  imperative  of  most  CIOs 
today  is  to  protect  private  data.  If 
you  don’t,  you’ll  be  in  hot  water 
with  the  regulators  and  your  cus¬ 
tomers.  To  complicate  matters, 
lawyers  increasingly  are  itching 
to  sue  your  pants  off  for  the 
emotional  distress  you  caused 
by  not  taking  proper  care  of  pri¬ 
vate  information. 


By  scrambling  up  the  data  as  it 
rests  in  databases,  file  stores  and 
e-mail  systems,  you  will  be  OK 

—  even  if  a  laptop  is  lost.  If  your 
favorite  shipping  company 
loses  a  backup  tape,  no  worries 

—  the  data  is  encrypted.  If  the 
National  Security  Agency  is  sit¬ 
ting  there  with  a  big  packet  snif¬ 
fer,  not  a  problem  —  they  can’t 
decipher  anything.  There  will 
come  a  time  when  we  think 
back  to  those  crazy  days  when 
data  was  stored  in  the  clear,  but 
it  won’t  be  for  a  while. 

Examining  the  single  instance 
of  mass-market  encryption  suc¬ 
cess  —  SSL  —  is  very  instructive 
in  how  to  solve  the  issue  of  per¬ 
ception  of  complexity  You  are  a 
network  or  security  professional, 
so  you  probably  know  SSL 
involves  public  key  cryptography 
But  do  you  care?  Of  course  not  — 
you  get  the  lock  in  your  browser 
and  all  is  well,  right?  The  point  is 
transparency.  No  one  knew  or 
cared  what  made  SSL  work.  What 
we  need  is  an  encryption  utility 
that  works  all  the  time.  Customers 


but  keep 

don’t  want  to  worry  about  key 
management.  They  don’t  want  to 
get  poked  in  the  eye  when  they 
can’t  recover  encrypted  data  off  a 
backup  tape.  They  can’t  afford  to 
add  more  help  desk  resources 
when  folks  lose  a  key  ring.  It  needs 
to  be  there  and  be  transparent. 

Clearly  we’re  not  there  yet. 
There  is  still  infrastructure  to  buy 
(or  rent).  There  are  still  keys  to 
manage  and  users  to  train.  But 
we  are  making  progress.  En¬ 
crypting  sensitive  outbound 
e-mail  is  pretty  much  transparent. 
The  user  never  even  knows  the 
message  is  sent  securely.  Data¬ 
base  encryption  done  right  has 
no  impact  on  the  applications 
that  the  user  sees.  Done  wrong, 
it’s  a  train  wreck  —  but  that’s  a 
topic  for  another  day. 

A  few  vendors  are  hard  at  work 
trying  to  make  you  forget  that 
encryption  exists.  PGP  and  RSA 
Security  the  two  biggest  encryp¬ 
tion  brands,  are  building  partner 
networks  to  move  key  manage¬ 
ment  out  of  the  application  and 
into  the  infrastructure.  PGP’s 


it  secret 

Netshare  technology  makes 
encrypting  data  at  rest  on  file 
servers  transparent  to  users. 
Companies  such  as  FbstX  and 
Voltage  are  working  to  hide 
encryption  in  other  applications 
through  packaged  developer  kits. 

To  be  clear,  encryption  is  not  a 
panacea.  Encrypted  data  doesn’t 
help  if  you  have  employees  who 
decrypt  the  data,  then  take  it  off¬ 
site  on  their  laptops.  Nor  is  it  very 
useful  to  stop  an  insider  attack, 
when  the  good  guys  turn  out  to 
be  not  so  good.  But  the  tipping 
point  will  be  when  we  don’t  have 
to  talk  about  encryption  any¬ 
more.  It  will  just  be  there.  Users 
won’t  be  any  wiser,  but  their  data 
will  be  protected.  Encryption  is 
going  to  happen,  but  don’t  tell 
anyone. You  may  ruin  the  secret. 

Rothman  is  president  and  princi¬ 
pal  analyst  of  Security  Incite,  an 
analyst  firm  focusing  on  informa¬ 
tion  security.  Read  his  blog  at 
http://feeds.feedburner.com/secu 
rityinciterants  or  send  e-mail  to 
mike,  rothman  @securityincite.  com. 


Kimberly-Clark 
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in  the  PBX-to-gateway  conversion  in  the 
remote  sites,  Post  says.  IP  Services 
Interface  cards  will  let  the  devices  hook 
into  the  IP  WAN,  and  Avaya  MedPro 
Crossfire  boards  will  do  theTDM-to-IP  pro¬ 
tocol  conversion  for  handsets.  Sites  hav¬ 
ing  other  brands  of  PBXs  or  telephony 
gear  will  get  new  Avaya  G650  gateways 
and  Avaya  IP  or  digital  phones. 

“If  we  go  into  an  existing  Avaya  site,  we 
can  reuse  all  the  existing  handsets,  so  the 
Crossfire  board  is  kind  of  a  critical  ele¬ 
ment,”  Post  says. 

Part  of  the  planning  process  is  figuring 
out  how  much  VoIP  bandwidth  a  site 
needs  and  configuring  the  IP  WAN  links  to 
support  that  expected  call  volume. 

Pbst  says  the  telecom  group  has  devel¬ 
oped  its  own  capacity-planning  software, 
which  gauges  remote  sites’  call  volumes 
and  gives  the  staff  an  idea  of  their  band¬ 
width  needs  for  VoIP 

“In  most  cases  we  have 
call  accounting  installed 
already  on  the  PBXs  cur¬ 
rently  running  the  re¬ 
mote  sites,”  Pbst  says. 

“That  gives  us  knowledge 
of  our  calling  require¬ 
ments."  Generally,  he  says, 
there  is  no  rule  of  thumb 
for  allocating  VoIP  band¬ 


width  for  a  site  because  usage  can  vary 
widely  among  the  company’s  facilities. 

Thinking  about  the  unthinkable 

In  planning  for  future  VoIP  needs,  Post 
also  is  planning  for  worst-case  scenarios. 
Hosting  the  call  processing  for  hundreds 
of  sites  in  a  few  data  centers  carries  risks, 
Post  admits. 

In  case  of  a  failed  WAN  link  between 
branch  offices  and  their  host  data  center, 
every  remote  gateway  will  have  the  ability 
to  take  over  local  call  control;  calls  would 
still  be  able  to  come  to  the  site  through 
local  links  to  the  public  switched  tele¬ 
phone  network,  Post  says. 

On  a  larger  scale,  Avaya  Commun¬ 
ication  Manager  servers  running  on  the 
S8700  hardware  include  several  failover 
and  high-availability  options.  Each  data 
center  has  multiple  standby  S8700s, 
which  can  take  over  if  a  primary  call 
server  fails.The  servers  also  will  run  a  ser¬ 
vice  called  Enterprise  Survivability 
Server  (ESS).  If  remote 
sites  cannot  access 
their  primary  data 
center  because  a 
problem  occurs  at  that 
central  location,  ESS 
lets  one  of  the  other 
two  data  centers  take 
over  the  VoIP  connec¬ 
tions  for  the  affected 
remote  sites.  ■ 
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Head  online  to  read  more  about  Kimberly- 
Clark’s  VoIP  plans. 
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That’s  just  what  the  University  of  Calgary 
in  Alberta,  Canada,  discovered  as  it 
deployed  an  Aruba-based  campuswide 
WLAN.  At  one  point,  600  students  with 
wireless  laptops  might  get  online  in  a  big 
auditorium,  says  Dean  Berschl,  senior 
security  analyst  with  the  university’s  IT 
group.  Previously  Berschl  would  have  to 
guess  how  many  students  might  be  in  the 
room  and  then  preassign  enough  IP 
addresses  in  enough  subnets. 

Preallocating  the  right  number  of 
addresses  to  the  right  number  of  subnets 
in  the  right  locations  “becomes  a  manage¬ 
rial  nightmare,”  Berschl  says.  With  VLAN 
pooling  as  part  of  Aruba’s  software,  the 
nightmare  goes  away. 

“If  I  expect  5,000  wireless  users  on  cam¬ 
pus,  I  can  simply  assign  5,000  IP  addresses 
divided  up  among  the  appropriate  num¬ 
ber  of  subnets,  in  this  case  20,  to  cover  all 
the  users,”  he  says.  “The  Aruba  controller 
goes  through  that  pool  of  subnets,  assign¬ 
ing  addresses  on  a  round-robin  basis  [as 
each  user  logs  in].” 

“If  we  didn’t  have  VLAN  pooling,  our  net¬ 
work  would  be  much  more  complex 
administratively  Berschl  says. 

The  second  Aruba  update,  dubbed  AAA 
FastConnect,  lets  an  Aruba  controller’s 
onboard  encryption  processor  take  over 
processing  a  big  chunk  of  the  802.  IX 


authentication  traffic  to  and  from  a  back¬ 
end  RADIUS  server.  In  the  past,  when  a 
wireless  user  connected  to  an  access 
point,  the  authentication  process 
exchanged  a  set  of  messages  —  including 
sending  the  encryption  key  —  directly 
between  the  client  device  and  the  RADIUS 
server,  with  the  controller  simply  passing 
messages  back  and  forth. 

As  the  number  of  users  increases,  so 
does  authentication  traffic,  which  can 
overload  the  RADIUS  server. 

Berschl  has  been  testing  FastConnect. 
“When  you  have  lots  of  users  signing  in, 
you  have  back-end  RADIUS  servers  that 
have  to  process  all  these  messages  and 
key  exchanges,”  he  says,  adding  this  over¬ 
load  would  be  especially  felt  by  wireless 
VoIP  traffic.  “With  FastConnect,  the  con¬ 
troller  assists  in  this;  it  can  be  privy  to  the 
[authentication]  conversation  and  assist 
in  the  key  exchange,  and  do  it  much 
faster  than  any  triple  A  server  can  ever 
handle  it.” 

Another  new  feature  is  automatic 
remote  provisioning  of  Aruba  controllers 
installed  at  branch-office  sites. These  con¬ 
trollers  use  the  WAN  link  to  seek  out  a  cen¬ 
tral  controller  on  the  corporate  network 
and  download  their  configuration  data 
and  policies. 

WIDE-AREA  NETWORKING 
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Windows  Server  is  the  leading  platform 
for  UNIX  migrations. 

"Based  on  our  primary  research,  Windows  Server™  was 
the  leading  platform  for  UNIX  migration  with  45%  of 
the  volume.  The  Windows  Server  platform  today  has 
more  ISV-packaged  application  support  and  market 
coverage  from  ISV  suppliers  than  the  Linux  platform 
does.  As  a  result,  IDC  believes  that  it  is  unrealistic  to 
expect  that  Linux  can  tackle  the  full  range  of  UNIX 
workloads  today.  '  Understanding  UNIX  Migration: 

A  Demand-Side  View,  January  2006 


Matt  Eastwood,  Vice  President ,  Enterprise  Servers,  IDC 
To  find  out  more,  go  to  microsoft.com/getthefacts 
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You  need  more  storage.  You  don't  need  more  fees  or  systems  to 
manage.  The  Pillar  Axiom™  storage  system  lets  you  add  performance 
and  capacity  over  300  TB  per  system,  without  multiple  software 
license  fees.  It  empowers  you  to  manage  data  on  multiple  tiers, 
whether  in  SAN,  NAS  or  both,  through  one  simple  user  interface. 
Because  Pillar  delivers  top-tier  performance  and  capacity,  often  for 
less  than  what  many  companies  pay  just  to  maintain  and  operate 
their  storage  systems,  it  can  really  improve  your  bottom  line. 

To  hear  about  our  new  approach  to  managing  data  storage,  you 
owe  it  to  yourself  to  schedule  a  half-hour  briefing. 

Call  1-877-252-3706  orvisitwww.pillardata.com/smaller 

Learn  the  truth  about  networked  storage. 
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Windows  client  ID  technology  unveiled 


BY  JOHN  FONTANA 

Microsoft  last  week  unveiled  Windows 
CardSpace,  a  user-centric  identity  technolo¬ 
gy  that  was  formerly  called  InfoCard. 

CardSpace  is  the  name  the  technology 
will  carry  when  the  Vista  client  operating 
system  ships  to  corporate  users  before  year- 
end,  according  to  Stuart  Kwan,  director  of 
program  management  for  identity  and 
access  technologies  at  Microsoft. 

Microsoft  also  laid  out  its  road  map  for 
identity  technologies,  including  develop¬ 
ment  tools,  the  client  operating  system  and 
server-based  components.  One  of  those 
components  is  Microsoft  Identity  Integra¬ 
tion  Server  (MIIS),  which  is  slated  to  be 
incorporated  into  the  operating  system. 

CardSpace  is  an  interface  that  presents 
users  with  an  identity  selector,  a  palette  of 
identity  cards  that  can  be  used  to  authen¬ 
ticate  to  network  resources  or  Web  sites. 

Microsoft  has  added  an  interface  that 
pops  the  CardSpace  selector  out  to  the  front 
of  the  desktop  while  suspending  other  func¬ 
tionality  on  the  desktop.The  interface  shows 


the  user  what  kinds  of  credentials  are  need¬ 
ed  to  access  a  particular  site  or  resource. 

“The  selector  helps  you  select  an  identity 
card  and  tells  you  who  you  are  talking  to,” 
Kwan  says. 

Kwan  says  CardSpace  will  replace  the  tra¬ 
ditional  user  name  and  password,  and  will 
provide  one-click  sign-on  and  protection 
against  spoofing  and  phishing  attacks. 

Microsoft  has  built  CardSpace  into  Inter¬ 
net  Explorer  7.0,  but  the  technology  also 
can  be  built  into  smart  clients.  Kwan  says 
the  technology  also  could  work  with  Mo- 
zilla’s  Firefox  browser,  but  a  third  party 
would  have  to  develop  an  adapter.  Last 
year,  Microsoft  said  it  was  in  talks  with  Mo- 
zilla  and  Apple  about  integration  of  Card- 
Space  with  their  browsers. 

CardSpace  and  Internet  Explorer  repre¬ 
sent  the  client  side  of  Microsoft’s  identity 
equation.On  the  server  side,  Microsoft  has 
developed  a  technology  called  the  Security 
Token  Service  (STS)  that  will  be  integrated 
with  Active  Directory 

STS,  which  is  scheduled  to  ship  after 


Longhorn  Server  is  released  late  next  year, 
is  a  lightweight  gateway  based  on  the  WS- 
Trust  protocol  for  servers  and  clients  that 
negotiates  the  exchange  of  security  tokens, 
such  as  Kerberos  or  Security  Assertion 
Markup  Language. 

On  the  developer  side,  Kwan  says,  Micro¬ 
soft  has  added  support  for  CardSpace  into 
.Net  Framework  3.0  (formerly  WinFX)  to 
make  it  easier  for  developers  to  build  iden¬ 
tity  services  into  their  applications. 

In  February  Microsoft  outlined  a  platform 
strategy  using  Active  Directory  as  a  brand 
name  and  a  hub  to  support  a  slew  of  tech¬ 
nologies  targeted  at  identity  and  access 
management,  including  sophisticated  pro¬ 
visioning  tools  now  lacking  from  the  Micro¬ 
soft  lineup. 

Experts  say  Microsoft  needs  to  add  or  im¬ 
prove  workflow,  password  management, 
user  self-service  and  delegated  administra¬ 
tion  capabilities  to  Active  Directory  and 
MIIS,  the  core  of  its  identity  platform.  Both 
are  foundation  elements  for  Microsoft’s 
Identity  Metasystem  strategy 


Ultimately  Microsoft  would  like  that  core 
to  support  strong  credentials,  access  con¬ 
trol,  single  sign-on,  federated  identity,  infor¬ 
mation  rights  protection,  process  automa¬ 
tion  and  auditing. 

Kwan  says  Microsoft  is  investing  heavily  in 
support  for  strong  credentials,  especially 
native  smart  card  support.  Windows  also 
will  include  an  architecture  to  support 
smart  card  operations  based  on  the  same 
mini-driver  model  used  to  support  printers. 
The  platform  will  support  a  smart  card  cer¬ 
tification  program  so  users  can  get  auto¬ 
mated  upgrades  through  Windows  Update. 
Those  upgrades  are  expected  as  much  as 
12  months  after  the  release  of  Longhorn. 

For  MIIS,  Microsoft  will  add  support  in 
Service  Pack  2,  slated  to  ship  later  this  year, 
for  Visual  Studio  2005  and  SQL  Server  2005. 
In  addition,  Microsoft  is  developing  provi¬ 
sioning/deprovisioning  technology  audit¬ 
ing,  self-service,  Web  services  programming 
interfaces,  and  support  for  Windows  Work- 
flow  Foundation.  Those  technologies  are 
expected  to  ship  after  Longhorn.  ■ 


Short  Takes 


Net  Appliance  targets  Linux  clusters 


■  Intel  has  moved  up  the  release  of 
its  Tulsa  server  chip,  part  of  its  next- 
generation  multicore  line.  Intel  ex¬ 
pects  to  release  Tulsa  in  the  third 
quarter,  says  Alistair  Kemp,  an  Intel 
spokesman.  Tulsa  is  a  dual-core  pro¬ 
cessor  in  the  Xeon  family,  built  using 
a  65-nm  production  process.  It  is  de¬ 
signed  for  servers  with  four  or  more 
processors,  an  Intel  fact  sheet  says. 
The  Tulsa  chip  is  another  entry  into 
Intel's  competition  with  Advanced 
Micro  Devices9  Opteron  line.  Dell 
surprised  observers  earlier  this 
month  by  saying  it  will  offer  Opteron 
chips  in  its  high-end  multicore  servers 
by  year-end.  Intel  also  confirmed  it 
will  roll  out  another  chip,  code-named 
Woodcrest,  on  June  26.  Woodcrest,  a 
dual-core  chip  for  dual-processor 
servers  and  workstations,  is  widely 
seen  as  Intel's  attempt  to  close  the 
gap  with  AMD  on  power  consump¬ 
tion  and  performance. 


BY  SHELLEY  SOLHEIM,  IDG  NEWS  SERVICE 

Network  Appliance  last  week  intro¬ 
duced  an  operating  system  to  power  its 
storage  for  high-performance  Linux  com¬ 
puting  clusters  in  large-scale  computa¬ 
tional  systems. 

With  the  Data  Ontap  GX  operating  system, 
Network  Appliance  has  combined  the 
global  namespace  functionality  of  Spin¬ 
naker  Networks’  SpinOS  technology,  which 
it  acquired  in  2003,  with  capabilities  of  its 
own  operating  system,  Data  Ontap  7G.The 
software,  which  runs  on  Network  Appli¬ 
ance’s  FAS6070  and  FAS3050  arrays,  lets 
multiple  nodes  appear  as  one  system  and 
eases  the  movement  of  data  among  storage 
nodes  and  tiers,  the  company  says. 

Network  Appliance  is  targeting  such  sys¬ 
tems  as  those  used  for  seismic  analysis  in 
oil  exploration,  the  creation  of  special 
effects  in  the  entertainment  industry  and 
semiconductor  design  simulation. 

The  architecture  has  let  Industrial  Light  & 
Magic,  which  provides  visual  effects  for  the 
entertainment  industry  simplify  storage 
management  and  cut  its  storage  budget  by 


Network  Appliance  says  its  new  operating 
system  will  better  enable  storage  devices 
such  as  the  FAS6070  to  support  clustering. 


Ontap  GX  for  six  months,  as  well  as  a  pre¬ 
release  version  for  two  years  before  that. 

“With  the  GX  system,  because  you  virtual¬ 
ize  all  of  the  storage  into  looking  like  one 
big  disk,  you  can  smush  the  data  out  over 
all  the  servers  so  it’s  all  very  evenly  loaded. 
We  used  to  have  to  build  each  of  our  file 
servers  big  enough  for  our  whole  render 
farm,  which  has  about  3,000  processors, 
and  that  got  very  expensive.  Now  we  can 
have  a  larger  number  of  smaller  servers,” 
Thompson  says. 

Pricing  is  configuration-dependent  and 
starts  at  $212,000  for  a  two-node  FAS3050 
configuration,  the  Data  Ontap  GX  operating 
system  and  other  core  software,  and  7TB  of 
storage.  ■ 


about  half,  says  Michael  Thompson,  senior 
systems  engineer  for  the  company  in  San 
Rafael,  Calif. 

“We  have  200TB  of  storage  split  across  20 
servers,  and  our  end  users  see  this  as  one 
big,  giant  200TB  disk  on  the  network.  It 
dramatically  simplifies  things,”  he  says. 

The  company  has  been  beta  testing  Data 
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Introducing  the  industry’s  highest  performance  Ethernet 
switch  family  ready  to  deliver  wire-speed  non-blocking 
performance  to  1.14  billion  packets  per  second  (or  up  to 
3.42  bpps  per  7-foot  telco  rack).  Foundry’s  Biglron  RX  Series 
offers  the  highest  density  Gigabit  and  10  Gigabit  Ethernet 
switching  and  routing  solution  in  the  industry  and  is  built  on  a 
distributed  and  redundant  switch  architecture  that  ships  ready  to 
support  100  Gigabit  Ethernet.  Featuring  support  for  scalable 
Ethernet  switching,  IPv4/IPv6  routing,  consistent  low  latency 
for  all  packet  sizes  and  advanced  quality  of  service  design,  the 
Biglron  RX  Series  meets  and  exceeds  the  needs  of  a  wide  range 
of  environments  including  Enterprise  LAN,  HPC,  MANS,  and 
next  generation  data  centers. 

FIND  OUT  MORE  ABOUT  THE  BlGlRON  RX  SERIES  AND  HOW 
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Short  Takes 


■  Microsoft  last  week  unveiled  a 
technology  that  will  let  business  cus¬ 
tomers  see  information  in  all  their 
enterprise  applications  via  the  com¬ 
pany's  portal  software,  Office 
SharePoint  Server.  Line  of  Business 
Interoperability  for  Office 
SharePoint  Server,  or  LOBi,  will 
deliver  data  and  processes  from 
applications  to  Office  client  applica¬ 
tions.  Microsoft  will  preview  LOBi 
before  the  end  of  this  year,  with  gen¬ 
eral  availability  expected  in  2007. 

LOBi  will  be  offered  under  the 
umbrella  of  the  company's  Office 
Business  Applications  strategy,  which 
is  similar  to  the  Duet  technology  proj¬ 
ect  (formerly  code-named  Project 
Mendocino)  that  Microsoft  developed 
with  SAP.  Duet  will  let  users  access 
data  and  processes  from  SAP’s  busi¬ 
ness  applications  through  Office. 
Office  Business  Applications  is  part 
of  Microsoft's  plan  to  make  Office 
2007  a  comprehensive  software  suite 
for  office  productivity,  business  intelli¬ 
gence,  content  management  and 
worker  collaboration.  General  release 
of  Office  2007  is  expected  in  January. 

■  Troubled  optimization-software 
vendor  Mercury  Interactive  has 

been  on  a  buying  spree  again  as  a 
way  to  beef  up  its  IT  service  manage¬ 
ment  offerings.  Mercury  last  week 
announced  the  purchase  of  technol¬ 
ogy  from  Vertical  Solutions  and  R&D 
staff  and  facilities  from  Tefensoft  for 
a  total  of  $18.5  million  in  cash.  From 
Vertical,  Mercury  acquired  Power- 
Help  IT  service  and  sales  manage¬ 
ment  software,  which  it  plans  to 
incorporate  into  its  Mercury  Service 
Desk  software  in  response  to  the 
changing  nature  of  help-desk  soft¬ 
ware.  In  January,  shortly  after  being 
delisted  from  the  Nasdaq  exchange 
for  failing  to  file  financial  reports  on 
time,  Mercury  announced  plans  to 
purchase  service-oriented  architec¬ 
ture  software  vendor  Systinet  for 
$105  million  in  cash.  Last  month, 
Mercury  said  it  was  on  track  to  bring 
its  financial  filings  up-to-date  in  the 
second  quarter  of  this  year,  restating 
results  from  fiscal  2004  and  2005. 


Airbus  flies  on  Web  services 


BY  JOHN  BLAU,  IDG  NEWS  SERVICE 

European  aircraft  builder  Airbus  is  imple¬ 
menting  a  Web  services-based  travel  man¬ 
agement  application  as  a  first  step  in  a 
planned  groupwide  migration  to  a  service- 
oriented  architecture. 

The  manufacturer  is  installing  the  travel 
management  component  of  SAP’s  new  ERP 
software,  mySAP  ERP  2004,  which  uses  SOA 
technology  The  new  system  replaces  a 
home-grown  system  at  the  company’s  plant 
in  France,  a  Lotus-based  system  in  its 
Spanish  operations  and  earlier  SAP  versions 
at  facilities  in  Germany  and  the  United 
Kingdom,  James  Westgarth,  manager  of 
travel  technology  procurement  at  Airbus, 
said  last  week  in  an  interview  at  SAP’s 
European  Sapphire  customer  event  in  Paris. 

“We  like  the  idea  of  an  open  architecture, 
which  SOA  enables, ’’Westgarth  says.“We  like 
the  idea  of  being  able  to  manage  every¬ 
thing  internally  and  cherry-pick  for  the  best 
solution  in  every  class.” 

Additional  components,  such  as  online 
booking,  also  could  come  from  SAP  —  if 


the  software  vendor  has  a  superior  product 
for  that  application,  Westgarth  says. 

The  decision  to  deploy  a  new  Web  ser¬ 
vices-based  travel  management  system 
was  driven  in  large  part  by  a  need  to 
reduce  administration  costs  and  improve 
business  processes. 

Airbus’  $320  million  travel  budget  is  used 
to  help  pay  for  more  than  180,000  trips 
annually  The  company  intends  to  reduce 
costs  by  replacing  its  time-  and  labor¬ 
consuming  paper-based  reimbursement 
process  with  a  system  that  lets  employees 
process  their  own  travel  expenses  online 
from  their  desktops  or  mobile  devices.  A 
key  benefit  for  employees:  Reimbursement 
time  will  be  reduced  to  three  days,  from 
about  10.  In  addition,  the  new  system  lets 
Airbus  integrate  new  service  providers 
more  easily  into  its  operations,  Westgarth 
says.  The  manufacturer  has  outsourced  its 
valued-added  tax  reclamation  to  a  third 
party  specializing  in  this  service. 

With  the  help  of  application  link  enablers, 
Westgarth  and  his  team  will  link  their  travel 


management  system  to  the  company’s 
other  SAP  applications,  including  finance 
and  human  resources.  Airbus  has  a  strategy 
to  migrate  multiple  systems  and  countries 
to  mySAP  ERP  2004  over  a  number  of  years, 
he  says,  but  the  timing  and  extent  of  the 
migration  are  not  clear.  “The  company 
chose  travel  management  to  pilot  mySAP 
ERP’Westgarth  says.  “Everybody  is  look¬ 
ing  at  our  project  to  see  how  we  do.” 

There  have  been  some  issues  with  the 
rollout  of  the  travel  management  applica¬ 
tion,  Westgarth  says.“Because  we’re  the  first 
big  company  to  implement  this  technology, 
we’ve  had  difficulty  finding  enough  skilled 
people  on  the  market,”  he  says.  “And  some 
work  was  required  to  integrate  the  Web 
interface  into  our  portal.” 

Airbus  employees  like  the  Web-based 
application’s  new  user  interface, single  sign- 
on  and  step-by-step  guidance,  Westgarth 
says.  And  the  company  likes  the  flexibility 
“No  one  was  talking  about  low-cost  carriers 
five  years  ago,”  he  says.“We  need  to  adapt  to 
the  market  and  to  changing  needs.”  ■ 


Start-up  eyes  open  source  Web  services 


Profile:  WS02 


Location: 

Boston,  London,  Sri  Lanka 

Founded: 

August  2005  by  former  IBM  executives  Sanjiva  Weerawarana  and  Paul  Fremantle 
and  former  CA  executive  Davanum  Srinivas. 

No.  of  employees: 

About  30 

Primary  products: 

WS02  Tungsten,  an  open  source  Web  services-based  application  server. 

Finances: 

$4  million  from  Intel  Capital 

Customers: 

Undisclosed,  targeting  financial  services 

Competition: 

BEA,  IBM,  JBoss 

Fun  fact: 

WS02  stands  for  Web  services  and  oxygen,  reflecting  the  company's  tagline, 
"Oxygenating  the  Web  service  platform." 

BY  JENNIFER  MEARS 

With  an  open  source  middleware  plat¬ 
form  designed  for  Web  services,  a  start-up 
launched  by  former  IBM  executives  prom¬ 
ises  easier  deployment  and  management 
of  service-oriented  architectures. 

WS02  last  week  rolled  out  its  Tungsten 
application  server,  the  first  product  in 
what  will  be  a  complete  line  of  Web  ser¬ 
vices-based  middleware.  Tungsten  sup¬ 
ports  XML,  Simple  Object  Access  Protocol 
(SOAP)  and  other  Web  services  stan¬ 
dards.  In  contrast,  Java-based  application 
servers  from  vendors  such  as  BEA,  IBM 
and  JBoss  support  Java-based  transac¬ 
tional  applications,  so  Web  services  sup¬ 
port  must  be  layered  on  top. 

“The  traditional  application  server  is  de¬ 
signed  to  support  scalable  transactional 
Web  sites. . . .  The  whole  [Java  2  Platform 
Enterprise  Edition]  architecture  isn’t  de¬ 
signed  for  SOA,”  says  Jason  Bloomberg,  a 
senior  analyst  at  ZapThink.“Java  is  all  about 
portability  —  write  once,  run  anywhere  — 
while  SOA  is  about  interoperability  where 
now  you  have  code,  you  leave  it  where  it  is 


and  it  interoperates  via  messages.” 

The  idea  is  to  provide  a  simpler  frame¬ 
work  that  will  make  it  easier  for  customers 
to  control  Web  services  deployments,  says 
Sanjiva  Weerawarana,  CEO  and  co-founder 
of  WS02.  Weerawarana  founded  WS02 
after  spending  eight  years  working  on  IBM’s 
Web  services  strategy  (see  graphic). 

“I  came  to  the  conclusion  that  the  way 


IBM  was  implementing  [Web  services] 
was  not  the  optimal  approach.  They  took 
WebSphere  and  put  a  layer  in  front  to 
make  it  speak  Web  services,”  he  says.  “1 
thought  the  Web  services  platform  was 
more  amenable  to  a  lighter-weight,  easier- 
to-use  platform,  rather  than  layering  J2EE 
with  Web  services.” 


See  WS02,  page  28 


Do  you  have  to  be  ready  to  be  tapped? 
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NET  INSIDER 

Scott  Bradner 


The  US.  Court  of  Appeals  for  the 
District  of  Columbia  Circuit  on 
June  9  decided  2-to-l  (see  www 
.nwdocfinder.com/3925)  the  FCC 
acted  within  its  statutory  author¬ 
ity  when  it  said  much  of  the 
Internet  had  to  be  designed  to  be 
open  to  being  wiretapped.  I’m 
sure  this  decision  will  be  ap¬ 
pealed,  and  Judge  Harry  Ed¬ 
wards’  dissenting  opinion  may 
prevail  in  the  end.  Even  if  this 
does  happen,  however,  Congress 
is  sure  to  support  the  idea  the 
Internet  should  not  be  safe  from 
wiretapping  —  so  any  FCC  defeat 
would  just  delay  the  inevitable. 


A  less-predictable  part  of  the 
FCC  order  applies  to  enterprise 
networks.  Just  what  will  your  cor¬ 
porate  network  need  to  be  ready 
to  do?  So  far,  the  FCC  has  not 
made  it  clear  that  enterprise  net¬ 
work  managers  will  need  to  do 
anything  in  response  to  its  order 
extending  the  Communications 
Assistance  for  Law  Enforcement 
Act  (CALEA)  to  the  Internet  and 
VoIP  There  is  an  ominous  hint, 
however,  in  footnote  100  on  page 
19  of  the  original  FCC  order  (see 
www.nwdocfinder.com/3926). 
The  footnote  ostensibly  deals 
with  educational  networks,  but 
there  is  nothing  in  the  order  or  in 
the  FCC’s  filing  with  the  Appeals 
Court  —  quoted  in  a  statement  by 
FCC  Commissioner  Deborah 
Taylor  Tate  (see  www.nwdocfind 
er.com/3927)  —  that  limits  the 
impact  to  networks  in  educa¬ 
tional  institutions. 


CALEA  (see  www.nwdocfinder 
.com/3928)  defines  what  a  tele¬ 
com  provider  must  be  able  to  do 
in  response  to  a  proper  request 
from  law  enforcement.  CALEA 
covers  information  about  com¬ 
munications  and  the  communica¬ 
tions  themselves.  Note  CALEA 
does  not  limit  what  information 
law  enforcement  can  ask  you  to 
provide;  it  just  says  what  informa¬ 
tion  you  must  be  able  to  provide 
and  that  you  can  be  fined  as 
much  as  $10,000  per  day  if  you 
cannot.  Just  as  in  other  situations, 
law  enforcement  can  ask  for  any¬ 
thing  a  court  agrees  is  relevant  to 
a  case,  and  you  have  to  produce 
any  information  you  are  able  to. 
The  CALEA  law  has  a  specific 
exemption  for  private  networks.  If 
a  private  network  is  connected  to 
the  Internet,  however,  footnote  100 
and  the  FCC  court  filing  say  “the 
connection  point  between  the 


private  and  public  network  is  sub¬ 
ject  to  CALEA.”  This  applies 
whether  the  connection  point  is 
provided  by  an  ISP  or  by  the  oper¬ 
ator  of  the  private  network. 

The  implication  of  this  is  fuzzy  at 
best.  It  may  mean  the  router  con¬ 
necting  an  enterprise  network 
manager  to  the  Internet  is  subject 
to  CALEA.  It  could  mean  the  ISP 
router  is  the  CALEA  point,  but  it’s 
hard  to  see  how  an  ISP  could  map 
your  boss  to  an  IP  address  to  be 
able  to  tap  his  or  her  Internet 
usage.  Such  mapping  becomes  all 
that  much  harder  if  the  enterprise 
is  using  a  network  address  transla¬ 
tion  (NAT)  system  or  NAT  func¬ 
tionality  in  a  firewall. The  ISP  will 
have  to  give  all  your  corporate 
communications  to  the  cops  if  it 
reliably  cannot  select  just  your 
boss’s.  For  the  geeks:  Enterprise 
multihoming  makes  ISP-based 
tapping  even  more  questionable. 


Given  history,  do  not  expect  any 
useful  clarification  from  the  FCC 
until  close  to  or  after  the  May  14, 
2007,  effective  date  of  the  law. 

Meanwhile,  you  might  ask  your 
corporate  lawyer  to  look  into  the 
long  list  of  things  the  final  rules 
(see  wwwnwdocfinder.com/3929, 
pages  45-50)  say  you  will  have  to 
do  if  you  are  subject  to  CALEA.  Or 
better  yet,  get  your  lawyer  to  con¬ 
tact  your  lobbying  group  and  get 
them  to  find  out  how  much  this  is 
going  to  hurt. 

Disclaimer:  Dealing  with  pain 
the  way  Harvard  Med  School  sug¬ 
gests  —  good  drugs  —  has  other 
complications  in  this  type  of  case. 
Anyway,  the  above  is  my  opinion, 
not  the  university’s. 

Bradner  is  a  consultant  with 
Harvard  University’s  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco.com. 


McAfee  sets  e-commerce  boost  for  SiteAdvisor 


WS02 

continued  from  page  27 

Increasingly  companies  are  looking  to 
Web  services  to  create  a  flexible  business 
environment  in  which  applications  com¬ 
municate  over  the  Internet.  Web  services 
are  application  components  that  can  be 
cobbled  together  on  the  fly  via  such  stan¬ 
dards  as  SOAP 

“From  an  administrative  perspective, 
with  J2EE,  you  get  two  different  views  of 
the  world:You  have  the  Web  services  view, 
and  you  have  the  J2EE  vie\y”Weerawarana 
says. “Whereas  in  our  case  it’s  going  to  be 
simply  the  service-oriented  view  and  noth¬ 
ing  else,”  he  adds. 

WS02  Tungsten  is  open  source,  built  on 
Apache  Axis2,  an  open  source  foundation 
that  can  expose  existing  or  new  applica¬ 
tions  as  Web  services.  WS02  makes  its 
products  available  for  free  under  the 
Apache  License,  but  will  charge  for  service 
and  support.  Annual  support  for  Tungsten 
starts  at  $3,000  for  as  many  as  two  servers. 

WS02  has  not  released  customers’ 
names  but  says  there  are  several  in  the 
financial  services  sector  testing  the 
product. 

A  recent  $4  million  infusion  from  Intel 
Capital  helps  validate  WS02’s  business 
model,  but  like  most  open  source  compa¬ 
nies,  its  biggest  challenge  will  be  in  how 
successful  it  is  in  selling  services  and  sup¬ 
port  around  the  software,  Bloomberg  says. 
“They’ve  identified  an  important  niche,”  he 
says.  “WS02  is  an  indication  of  the  post- 
Java,  non-Microsoft  approach  to  distrib¬ 
uted  computing.lt  will  be  interesting  to  see 
if  it  pans  out.”  ■ 


BY  ROBERT  MCMILLAN 

McAfee  plans  enhancements  to  its  re¬ 
cently  acquired  SiteAdvisor  software, 
which  lets  the  Web-rating  application 
block  inappropriate  Web  sites,  offer  safety 
ratings  for  online  transactions  and  rate 
Web  links  that  appear  in  e-mail  and 
instant  message  windows. 

The  features  are  expected  to  be  added 
to  SiteAdvisor  over  the  next  year, starting  a 
“protected  safe  search”capability  that  will 
let  parents  and  systems  administrators 
block  users  from  visiting  Web  sites, 
depending  on  their  SiteAdvisor  rating, 
says  Bill  Kerrigan,  the  executive  vice  pres¬ 
ident  of  McAfee’s  consumer  group. 

McAfee  is  also  working  on  new  e- 
commerce  rating  features, as  well  as  com¬ 
bining  SiteAdvisor  with  its  existing  anti¬ 
phishing  and  antispam  products  and  ser¬ 
vices,  Kerrigan  says. 

“We  have  antiphishing  technologies 
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today  that  try  to  assure  that  you  don’t  con¬ 
nect  to  a  site  that’s  imitating  a  legitimate 
business,”  he  says. “We  can  now  combine 
the  McAfee  content  with  the  SiteAdvisor 
database  and  make  that  a  much  more 
powerful  solution.” 

In  April,  McAfee  paid  more  than  $70  mil¬ 
lion  for  SiteAdvisor,  a  remarkable  sum  for 
a  14-person  company  that  had  just 
released  its  first  product,  a  free  browser 
plug-in.  But  McAfee  says  SiteAdvisor  will 
be  a  key  point  of  differentiation  from 
competitors  Symantec  and  Microsoft. 

The  SiteAdvisor  product  is  compelling 
to  McAfee,  the  company  says,  because  it 
focuses  on  something  that  most  security 
software  isn’t  doing:  helping  users  “make 
better  decisions  about  how  they  use  risky 
areas  of  the  ’Net,”  says  Christopher  Bolin, 
McAfee’s  chief  technology  officer,  speak¬ 
ing  at  the  company’s  financial  analyst 
conference  this  week. 

“When  I  saw  it  I  realized  this  was  the 
next  generation  of  consumer  security 
offerings  and  had  applications  way  out¬ 
side  of  the  consumer  security  space,” 
Bolin  says. 

SiteAdvisor  works  with  Web  browsers 
to  warn  people  when  they  are  about  to 
visit  a  site  that’s  been  associated  with 
spam,  spyware  or  computer  viruses.  The 
company  has  built  a  database  of  Web¬ 
site  ratings,  combined  from  millions  of 
automated  visits. 

The  company  had  been  planning  to 
release  a  premium  version  of  SiteAdvisor 
in  September,  but  that  target  has  now 


been  pushed  back  to  year’s  end  because 
of  the  acquisition. 

McAfee  is  still  figuring  out  whether  it 
will  sell  the  enhanced  features  as  part  of 
a  premium  version  of  SiteAdvisor  or  as 
options  to  its  suite  of  security  products, 
Kerrigan  says. 

Within  the  next  few  months,  McAfee 
expects  to  deliver  four  suites  of  its  next- 
generation  security  platform,  code- 
named  Falcon,  all  of  which  will  include 
SiteAdvisor. 

These  products  will  range  in  price  from 
$39.99  for  the  entry-level  McAfee  Virus- 
Scan  Plus  product  to  $99  for  a  multiuser 
version  of  the  high-end  McAfee  Total  Pro¬ 
tection  suite, Kerrigan  says.  Like  Microsoft, 
McAfee  also  plans  to  offer  versions  of  its 
products  that  can  be  used  by  as  many  as 
three  users,  a  package  that  is  designed  to 
make  license  management  much  easier 
for  home  users. 

McAfee  has  no  plans  to  discontinue  the 
free  version  of  SiteAdvisor,  which  has 
been  available  since  early  March.  ■ 
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"#1  Copier/Multifunction  Product  in  Overall 
Customer  Satisfaction  Among  Business  Users" 

-  According  to  J.D.  Power  and  Associates 


Savings  in  [MMk  S  w/Kffi©. 
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Big  Impact,  Low  Cost:  Kyocera  Color  Solutions  for  Business 

Add  vivid  color  to  your  documents  for  better  business  results.  Kyocera  offers  you  a  wide  range  of 
color  solutions,  all  with  a  very  low  total  cost  of  ownership.  From  desktop  printers  to  high  volume  MFPs, 
choose  Kyocera  for  award-winning  reliability  and  proven  performance.  And,  to  find  out  what  you  can 
do  to  reduce  your  printer  costs,  try  our  TCO  Tracker.*  This  online  tool  allows  you  to  calculate  what 
you'd  save  by  switching  from  your  current  printer  to  an  equivalent  Kyocera  printer. 

That's  the  power  of  People  Friendly.  Learn  more:  www.kyoceramita.com 

The  New  Value  Frontier 


People  Friendly. 
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KYOCERA  M1TA  CORPORATION.  KYOCERA  MITA  AMERICA,  INC.  ©2006  Kyocera  Mita  Corporation.  “People  Friendly,”  “The  New  Value  Frontier,"  the  Kyocera  “smile"  and  the  Kyocera  logo  are  trademarks  of  Kyocera. 
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Based  on  published  power  usage  data  available  from  bothcjp^ranies,  the  IBM  HS20,  model  79»«mBladeCenter  with  2GHz  dual  core  2M  cache  processors,  8GB  of  riMrflory,  2x36GB  SAS  HDDs,  dual  Ethernet,  dual  Fibre  ChannelcarTtrae^jo  to 
less  power  than  the  HP  BL20pG3  with  3.0GHz  2M^fhe  processors,  8GB  of  memory,  2x36GB  StSKHJDs,  dual  Ethernet,  dual  Fibre  Channel.  Analysis  performfrfon  April  10,  2006.  IBM.  the  IBM  logo.  BladeCenter  and  Take  Back  Controlare 
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_THE  INVASION 

_DAY  16:  These  servers  are  so  hot,  we’re  running  the  AC  at  full 
blast,  and  the  thermometer  is  still  pushing  140°  Had  to  relax 
the  dress  code  in  the  server  room.  No  choice.  It’s  towels  and 
flip-flops  until  we  get  this  heat  problem  under  control. 

_Gil  says  he’s  lost  a  lot  of  weight.  I  hadn’t  noticed. 

_DAY  17:  I  found  a  cooler  answer  to  our  heat  problem:  the  IBM 
BladeCenter®  with  Intel®  Xeon®  Processors  reduces  the  overall 
amount  of  power  required  by  the  system.  The  BladeCenter  is 
designed  to  respond  automatically  to  power  events  and  can  use 
up  to  37%  less  energy1.  Less  power.  Less  heat.  Less  money. 

Less  stress. 

_0h,  apparently  HR  had  a  problem  with  the  dress  code  but  couldn’t 
call  and  tell  us,  since  the  phones  had  melted. 


HANDLING 

CONVERGENCE 


Management  tools  answer  VoIP  call 


Maturing  VoIP  management 


Yankee  Group  asked  more  than  250  IT  decision  makers  how  they  manage 
voice  applications  running  on  their  data  networks.  About  one-quarter  use 
the  integrated  management  approach  that  industry  experts  recommend. 


Managed  service  provider 

7.87% 

Production  environment,  use  tools 
from  equipment  provider 

10.24% 

Passive  monitoring  in 
production  environment 

16.54% 


No  IP  telephony 
implementation 

17.32% 


Predeployment  testing  of  IP 
telephony/infrastructure 
assessment 

24.41% 


Integrated  performance, 
availability,  service  assurance 
and  call  quality  using  passive 
and  active  measurement  in 
production  environment 
23.62% 


BY  DENISE  DUBIE 

etwork  managers  running  voice 
applications  across  their  IP  net¬ 
works  know  a  thing  or  two  about 
juggling. 

Daily  they  must  track  the  performance  of 
IP  phones,  voice  gateways,  call  managers 
and  IP  PBXs  against  that  of  such  data  net¬ 
work  components  as  routers,  switches, 
hubs,  servers  and  client  machines.  They 
must  determine  whether  a  staticky  line  is 
caused  by  a  physical  problem,  such  as  a 
bad  cable  or  overextended  cord,  or 
whether  no  phone  service  on  a  user’s  desk¬ 
top  means  two  IP  phones  were  assigned 
the  same  IP  address.  With  VoIP  adoption 
growing,  network  managers’  need  for  man¬ 
agement  tools  has  grown  beyond  monitor¬ 
ing  device  availability  to  fine-tuning  voice 
application  and  service  performance. 

Ensuring  top  performance  on  a  con¬ 
verged  network  typically  requires  cou¬ 
pling  voice-specific  monitoring  tools  that 
detect  jitter,  packet  loss,  delay  and  call 
quality,  with  traditional  network  manage¬ 
ment  products  to  provide  a  picture  of 
device  health,  port  configurations  and 
network  availability  Bringing  such  tools 
together  gives  users  a  more  complete  pic¬ 
ture  of  how  voice  applications  affect  the 
data  network  —  and  vice  versa. 

“The  VoIP  network  is  highly  reliant  on 
how  well  your  data  network  is  performing,” 
says  Garrick  Sobeski,  manager  of  networks 
at  The  Institute  for  Transfusion  Medicine  in 
Pittsburgh.  The  organization  has  about  400 
IP  phones  in  its  6-month-old  Cisco  IP  tele¬ 
phony  system.  “We  had  to  make  sure  our 
routers  and  switches  were  running  in  tip¬ 
top  shape  —  pre-  and  post-voice  deploy¬ 
ment.  And  we  need  to  monitor  the  quality 
of  calls  in  real  time.” 

Sobeski,  who  oversees  a  voice  network 
that  ultimately  will  support  about  1,000 
phones  that  include  those  at  a  second 
location  in  Chicago,  says  he  uses  Qovia 
IP  Telephony  Manager  with  HP  Open- 
View  and  CiscoWorks  to  determine  con¬ 
verged  network  performance. 

Qovia  uses  management  software  and 
distributed  remote  appliances  that  act  as 
sniffers  for  voice  traffic,  reporting  back 
performance  metrics  and  notifying  when 
thresholds  are  missed. 

With  virtual  LANs  (VLAN)  in  place  to 
segment  voice  traffic,  and  QoS  priorities 
set  on  his  Cisco  gear, Sobeski  says  he  gets 
near  real-time  statistics  on  call  quality 
and  network  performance. 


“We  can  see  a  display  of  the  CEO’s  call 
qualify  if  we  have  too  many  poor  [mean 
opinion  score]  readings,  if  call  managers 
are  running  too  high  on  memory  —  basi¬ 
cally  we  get  visibility  into  all  pieces  of  the 
network  in  as  close  to  real  time  as  I’ve  seen 
so  far]’ Sobeski  says. 

Scott  Peterson,  director  of  network  ser¬ 
vices  at  Accenture  in  Dallas,  tapped  his 
InfoVista  management  products  to  track 
data  and  voice  network  performance.  He 
says  when  the  company  —  which  is  under¬ 
going  a  large  voice  deployment  across 
some  140  internal  locations  supporting 
130,000  employees  —  chose  a  manage¬ 
ment  software  provider  a  few  years  ago,  it 
went  with  InfoVista,  which  had  proved  its 
software  could  monitor  both  types  of  net- 
works.The  company  also  uses  EMC  Smarts 
for  network  management  and  correlation 
tools  and  BMC  Software  for  its  client/server 
management  product. 

“We  have  had  the  voice  network  growing 
for  about  five  or  six  years,  and  we  picked 
our  management  tool  two  years  ago,”  Peter¬ 
son  says.  “We  are  trying  to  use  the  fewest 
number  of  management  applications  to  get 
visibility  into  our  entire  network.  Subtle 
changes  in  IP  traffic  can  be  enough  to 
impact  voice.” 

As  VoIP  adoption  grows,  so  does  the 
number  of  vendor  tools  available  that 
deliver  details  on  IP  telephony  perfor¬ 
mance.  Recent  research  from  Infonetics 
suggests  the  number  of  people  subscrib¬ 
ing  to  VoIP  services  is  expected  to  almost 
double  in  2006,  to  47.3  million.  The  con¬ 
sultancy  also  released  results  from  a  study 
of  some  240  businesses  that  use  VoIP  now 
or  will  by  2007.  Among  large  businesses, 
36%  are  using  VoIP  equipment  and  VoIP 
services.  Only  23%  of  midsize  and  14%  of 
small  businesses  have  adopted  VoIP  gear 
and  services,  the  study  says,  but  VoIP  adop¬ 
tion  by  small  businesses  is  estimated  to 
triple  by  2010. 

Vendors  such  as  Brix  Networks,  Clarus 
Systems,  Netreo,  Qovia  and  Viola  provide 
voice-specific  monitoring  tools  to  help  cus¬ 
tomers  track  performance.  Voice  equip¬ 
ment  makers  Alcatel, Avaya,  Cisco,  Mitel  and 
Nortel,  provide  management  applications 
with  their  gear  to  help  network  managers 
collect  data  on  voice  devices.  Management 
software  and  appliance  makers,  such  as 
Apparent  Networks,  InfoVista  and  NetQoS, 
add  voice-performance  metrics  to  their 
products  that  detect  failures  and  degrada¬ 
tions  on  data  networks. 


Michael  DeDecker,  network  administrator 
at  Warner  Pacific  Insurance  Services  in  West 
Lake  Village,  Calif.,  uses  Cisco’s  Unified 
Operations  Manager  product  to  keep  tabs 
on  the  vendor’s  CallManager  5.0  product 
and  ensures  performance  stays  in  line  for 
about  500  devices  and  125  users.  Unified 
Operations  Manager  uses  probes  distrib¬ 
uted  on  the  network  to  collect  real-time 
samples  of  voice  quality,  he  says,  which 
“beats  troubleshooting  by  100  times,  be¬ 
cause  you  can  see  actual  delay  issues  at  a 
remote  site.” 

DeDecker  doesn’t  credit  Cisco  manage¬ 
ment  tools  entirely  for  his  success  with 
voice,  however.  When  the  company  built  a 
new  facility  in  2003,  his  IT  shop  decided  to 
move  to  VoIP  He  says  he  constructed  the 
site, “maybe  even  overprovisioned  [it]  a  lit¬ 
tle,”  to  support  voice  applications  running 
on  the  data  network.  He  also  has  VLANs  for 
voice  and  data  set  up  to  segregate  traffic 
and  ensure  QoS  policies  can  be  applied  to 
voice  as  needed. 

“With  voice,  video  and  data  on  one  wire, 
you  have  to  worry  about  latency  delay  band¬ 
width  constraints  —  and  mostly,  how  other 
programs  are  affecting  the  voice  traffic,”  he 
says.“If  you  are  going  to  invest  in  voice,  you 
must  also  invest  in  something  that  will  give 
you  insight  into  how  it  performs.You  want  to 
have  that  warm,  fuzzy  feeling  that  voice  and 
data  are  coexisting  happily 

Kevin  McPhee,  manager  for  network 
control  and  converged  solutions  at 


Coventry  Health  Care  in  Glen  Allen,  Va., 
says  he  uses  Avaya’s  Converged  Network 
Analyzer  and  VoIP  Monitoring  Manager 
because  the  products  include  intelli¬ 
gence  about  the  gear  he  has  installed. 
With  eight  sites  using  VoIP  and  total  of  30 
planned,  McPhee  says  Avaya  tools  help 
him  monitor  voice  alongside  his  data  net¬ 
work  to  determine  how  the  two  affect 
each  other,  with  voice  running  on  VLANs. 

“We  can  see  the  phones  on  the  network, 
but  we  can’t  see  into  the  phones,”  McPhee 
says.  “I’d  like  to  be  able  to  collect  statistics 
such  as  frame  errors  and  jitter  by  logging 
into  the  IP  phone.” 

Others  also  believe  voice  equipment 
makers  could  improve  their  management 
tools.  Tim  Ryan,  network  manager  at  Cali¬ 
fornia’s  City  College  of  San  Francisco,  says 
Alcatel’s  OmniVista  management  applica¬ 
tions  help  him  monitor  performance 
across  his  VoIP  network  involving  nine 
campuses,  1,800  phones,  500  analog 
ports  and  the  vendor’s  OmniPCX.  He  uses 
Alcatel  tools  in  concert  with  InMon  soft¬ 
ware,  which  monitors  the  data  network  for 
error  levels,  use,  dropped  packets  and 
latency  Alcatel’s  product  helps  him  moni¬ 
tor  trunk  use, measure  individual  call  qual¬ 
ify  and  collect  faults,  but  he  says  the  alarm 
logs  could  be  a  bit  more  intelligent. 

“I’d  like  to  see  more  intelligence  on  the 
severity  of  the  alarms  and  more  familiar¬ 
ity  with  our  system  and  how  it  alarms,” 
Ryan  says.B 
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I  have  people  to  support  and  ideas  to  enable.  Look  out  world,  because  my  network  is  coming  through. 
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and  employees  worldwide.  With  IP  VPNs,  Maya  has  a  cost-effective  networking  solution  that  allows 
users  to  collaborate  no  matter  where  they  are.  And  with  AT&T's  integrated  network  security,  Maya 
knows  she  can  expand  her  endpoints  without  any  increase  in  exposure.  Learn  how  Dynamic  Networking 
can  enable  your  business. 
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■  A  truly  unified,  integrated  solution  that  is  easy  to  deploy  and  manage. 

&  The  industry’s  strongest  threat  protection  -  from  known  and  unknown  threats. 

Total  visibility  and  control  of  multiple  security  functions  through  a  single  console, 
as  Scalability  for  small  businesses  to  large  enterprises. 
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B  THE  INTERNET  K  VPNS  B  INTEREXCHANGES  AND  LOCAL  CARRIERS  H  WIRELESS  IS  REGULATORY  AFFAIRS  It  CARRIER  INFRASTRUCTURE 

Justice  launches  wireless  competition 

General  Dynamics,  Lockheed  Martin  are  final  two  bidders. 


BY  CAROLYN  DUFFY  MARSAN 

The  Justice  Department  has  narrowed  the 
field  to  two  bidders  —  General  Dynamics 
C4  Systems  and  Lockheed  Martin  Inte¬ 
grated  Systems  and  Solutions  —  for  a  five- 
year,  $2.5  billion  wireless  communications 
system  that  will  be  used  by  all  federal  law 
enforcement  officials. 

Motorola,  Boeing  and  a  team  including 
AT&T  and  Raytheon  were  eliminated  from 
this  high-profile  competition,  which  began 
in  August  2004. 

The  Justice  Department’s  Integrated  Wire¬ 
less  Network  (IWN)  project  is  the  federal 
governments  first  major  attempt  since  the 
terrorist  attacks  of  Sept.  11,  2001,  to  im¬ 
prove  the  interoperability  and  perfor¬ 
mance  of  tactical  communication  sys¬ 
tems  used  by  law  enforcement  and  dis¬ 
aster  recovery  officials. 

“There  has  been  other  funding  through 
grant  programs  to  encourage  interoperable 
communications  for  state  and  local  enti¬ 
ties,  but  this  is  the  first  time  the  federal  gov- 


Short  Takes 


■  Nextlink  Wireless  and  Covad  this 
week  announced  a  partnership  to 
enable  Covad  to  deploy  higher-speed 
wireless  Ethernet  services  nationally 
using  Nextlink’s  licensed  spectrum. 
Covad’s  new  offering  will  include 
access  speeds  up  to  25Mbps  per 
subscriber  location  for  real-time 
applications  such  as  enterprise  VoIP. 
Nextlink’s  Local  Multipoint  Distri¬ 
bution  System  spectrum  resides  in 
the  28-  to  31-GHz  range.  Covad  ini¬ 
tially  will  offer  the  service  within  its 
network  in  the  Los  Angeles  metro¬ 
politan  area.  The  agreement  also 
allows  for  an  expansion  to  11  addi¬ 
tional  markets  across  the  country, 
including  Chicago,  Dallas,  Miami, 
New  York,  Seattle  and  Washington, 
D.C.  Covad,  traditionally  a  provider 
of  DSL  broadband  services,  has  had 
a  relationship  with  Nextlink's  sister 
company,  XO  Communications,  for 
several  years.  XO  resells  Covad's 
DSL  service. 


ernment  is  putting  its  money  into  a  system 
that  is  oriented  toward  emergency  re¬ 
sponse,  law  enforcement  and  intergovern¬ 
mental  coordination,”  says  Ray  Bjorklund, 
senior  vice  president  of  FedSources,  a  con¬ 
sulting  company  that  tracks  the  govern¬ 
ment  IT  market. 

IWN  (www.nwdocfinder.com/3932)  is 
estimated  at  $2.5  billion  for  the  first  five 
years.  The  government  has  said  it  may 
extend  the  program  10  years,  leading 
some  experts  to  value  the  deal  as  high  as 
$10  billion. 


Governments  around  the  world  are 
wrestling  with  the  impact  of  VoIP  on  tele¬ 
com  regulation.  Some  treat  VoIP  as  just 
another  way  to  deliver  telephony  services 
(and  subject  to  all  the  taxes  and  regula¬ 
tory  constraints  of  legacy  voice).  Others 
view  it  as  an  emerging  technology  that 
has  to  be  carefully  nurtured,  and  there¬ 
fore  protected  from  taxes  and  regulatory 
constraints. 

At  the  moment,  the  U.S.  government 
seems  to  be  leaning  toward  the  “just 
another  way  to  deliver  telephony”  per¬ 
spective.  As  I  pointed  out  last  week,  the 
FCC  is  looking  to  apply  Universal  Service 
Fund  taxes  toVolPThe  courts  have  similarly 
decided  recently  that  VoIP  is  covered 
under  the  Communications  Assistance  for 
Law  Enforcement  Act  (CALEA)  —  mean¬ 
ing  that  providers  such  as  Vonage  and 
Skype  need  to  provide  wiretapping  hooks 
like  those  from  AT&T,  BellSouth  and 
Verizon.  And  the  U.S.  House  of  Representa¬ 
tives  just  passed  the  “Communications 
Opportunity,  Promotion,  and  Enhance¬ 
ment  (COPE)  Act  of  2006” (H.R.5252), stip¬ 
ulating  that  VoIP  providers  must  ensure 
that  91 1  and  E-91 1  services  are  provided  to 
VoIP  subscribers. 

Overseas,  however,  the  situation  is 
decidedly  more  mixed.  Although  VoIP 
remains  officially  banned  in  China,  word 


Integrated  Wireless  Network 

IWN  will  provide  integrated  voice,  data 
and  multimedia  communications  services 
to  federal  law  enforcement,  first  responder 
and  homeland  security  officials.  IWN  will 
provide  secure  and  highly  reliable  wire¬ 
less  communications  services  using  a  VHF 
system  and  an  IP  backbone. The  network 
will  be  based  on  land  mobile  radio  and 
commercial  wireless  services.  Interoper¬ 
ability  with  other  federal,  state  and  local 
government  agencies  is  a  key  feature  of 
the  system. 


on  the  street  is  that  the  Chinese  are  plan¬ 
ning  to  rethink  their  strategy,  possibly  as 
early  as  this  year.  (No  word  on  whether 
the  Chinese  equivalent  of  CALEA  will 
apply.)  And  while  Russia  just  moved  to 
regulate  VoIP  the  Philippine  and  Indian 
governments  have  taken  steps  to  loosen 
VoIP  regulations. 

But  the  folks  who  are  furthest  ahead  are 
the  Europeans.  Earlier  this  month,  the  heads 
of  some  30  of  the  largest  formerly  state- 
owned  telcos  asked  the  EU  Information 
Commissioner  to  level  the  playing  field  by 
—  get  this  —  lifting  the  regulatory  burden 
imposed  on  incumbents,  rather  than  intro¬ 
ducing  more  regulation  for  new  players. 
What  a  novel  concept:  Deregulate  all  of 
telecom,  not  just  VoIP! 

In  fact,  the  EU  is  most  of  the  way  through 
a  process  initiated  late  last  year  to  review 
the  overall  regulatory  framework  for  tele¬ 
com  services  and  plans  a  formal  proposal 
to  the  European  Parliament  by  July.  (For 
details,  see  www.nwdocfinder.com/393 1 .) 

My  2  cents?  The  Europeans  are  right  on. 
Yeah,  I  know  it’s  politically  incorrect  to  say 
anything  even  remotely  positive  about 
those  cheese-eaters  across  the  pond. 

But  really,  folks:  It’s  stupid  to  impose  out¬ 
dated  regulatory  constraints  on  disrup¬ 
tive  technologies  such  as  VoIP  And  it’s 
even  stupider  to  have  governments  in  the 
business  of  picking  and  choosing  tech¬ 
nology  winners  by  exempting  some,  but 


IWN  will  replace  a  variety  of  antiquated 
communications  systems  that  the  Justice 
Department  says  are  plagued  with  prob¬ 
lems,  including  outdated  technology,  insuf¬ 
ficient  coverage,  channel  crowding  and 
congestion. 

More  than  80,000  law  enforcement  offi¬ 
cials  are  expected  to  use  IWN.  These  in¬ 
clude  members  of  the  FBI,  Drug  Enforce¬ 
ment  Administration,  U.S.  Marshals  Service, 
Customs  and  Border  Protection,  U.S.  Secret 
Service,  U.S.  Coast  Guard  and  Federal 
See  Wireless,  page  36 


not  all,  from  regulation. 

I’ve  said  it  before,  and  I’ll  repeat  it  here: 
What  the  United  States  needs  to  do  is 
launch  a  complete  soup-to-nuts  overhaul 
of  its  communications  regulatory  frame¬ 
work,  including  spectrum  allocation,  peer¬ 
ing  arrangements  and  emerging  services, 
such  as  VoIP  and  presence.  And  we  need 
to  pay  special  attention  to  issues  such  as 
privacy,  universal  access  and  emergency 
services  —  because  what  we’re  doing 
today  isn’t  working. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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Network  World  VoIP  event 

Management  questioning  about  VoIP?  Eager  to 
unleash  a  chain  reaction  of  benefits  that  start  with 
VoIP  and  end  up  on  your  bottom  line?  Attend  The 
VoIP  Payoff:  Convergence  &  Collaboration  — 
Capitalizing  on  the  New  Benefits  of  Real-Time 
Networks  coming  in  June.  Register  now  to  qualify 
and  attend  for  free. 

www.nwdocfmder.com/3170 
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VoIP  regulations  test 
nations  around  the  globe 
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Emergency  Management  Agency. 

Vance  Hitch,  CIO  for  the  Department  of 
Justice,  released  a  statement  saying  that 
TWN  will  make  law  enforcement  and  pro¬ 
tective  operations  more  effective,  efficient 
and  safe”  by  providing  speedy  reliable  and 


secure  voice  and  data  communications. 

Top  two  bidders 

The  Justice  Department  was  due  to  award 
IWN  in  March.  Industry  watchers  expect¬ 
ed  a  single  company  to  be  selected  from 
the  field  of  five  bidders.  Instead,  the 
Justice  Department  is  conducting  a 
design  competition  between  the  top  two 
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The  right  tool  can  make  all  the 
difference.  That's  why  Fluke  Networks 
offers  a  range  of  portable  network 
tools  that  are  easy-to-use,  intuitive 
and  designed  to  accomplish 
exactly  what  you  need  them  to. 
Regardless  of  whether  you're 
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deploying  new  technologies  or 
troubleshooting  network  problems. 

We  have  the  toots  you  need  to 
immediately  focus  on  the  job  at  hand. 
And  focus  is  key  -  especially  as  your 
network  becomes  more  diverse,  and 
your  job  more  complex.  If  you're 
searching  for  the  right  tool  for  the 
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network  tools  are  worth  looking  into. 
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bidders,  General  Dynamics  and  Lock¬ 
heed  Martin. 

“In  the  upcoming  months,  General  Dy¬ 
namics  and  Lockheed  Martin  will  prepare 
and  submit  for  government  review  non-pro¬ 
prietary  designs  and  implementation  plans 
for  a  specific  geographic  region  of  the 
country?’ according  to  a  Justice  Department 
press  release  issued  June  9.  “At  the  end  of 
the  design  competition,  the  government  in¬ 
tends  to  select  one  of  these  firms  as  the 
IWN  systems  integrator?’ 


In  the  running 

The  Justice  Department’s 
Integrated  Wireless  Network  (IWN) 
program  is  drawing  bids  from  some 
of  the  nation's  top  military 
contractors,  but  commercial 
carriers  and  network  equipment 
suppliers  play  an  important  role. 

The  remaining  teams  are: 

General  Dynamics,  plus  Verizon  Wireless, 
Nortel  Government  Solutions, 

IBM  and  M/A-COM. 

Lockheed  Martin,  plus  Sprint,  Lucent 
Technologies,  Qualcomm,  ARING  and  Deloitte 
Touche. 


Verizon  ups 
business  DSL 
speed  in  16 
states 


BY  JIM  DUFFY 

Verizon  Online  has  expanded  its  two 
highest-capacity  business  DSL  packages 
to  16  more  states,  increasing  to  28  the 
number  of  states  where  it  offers  7.1Mbps 
service,  as  well  as  Washington,  D.C. 

Small  and  midsize  businesses  (SMB)  in 
California,  Florida,  Idaho,  Illinois,  Indiana, 
Michigan,  Nevada,  North  Carolina,  Ohio, 
Oregon,  Pennsylvania,  South  Carolina, 
Texas,  Virginia,  Washington  and  Wisconsin 
can  now  access  Verizon’s  maximum  DSL 
connection  speed  of  up  to  7.1Mbps  down¬ 
stream. The  service  offers  upstream  speeds 
of  768Kbps  with  a  dynamic  IP  address  for 
$99.95  per  month, or  $199.95  per  month  for 
a  static  IP  address. 

Verizon  Business  DSL  requires  a  one- 
year  contract. 

The  7.1Mbps  service  is  almost  10  times 
faster  than  Verizon’s  entry-level  speed  of 
768Kbps.  The  static  IP  address  option  is 
targeted  at  SMBs  needing  videoconfer¬ 
encing,  Web  hosting  and  Web  camera 
surveillance.  ■ 


The  two  systems  integrators  will  be  com¬ 
pensated  for  their  design  work  on  IWN 
through  indefinite  delivery,  indefinite  quan¬ 
tity  contracts  awarded  June  9. 

The  IWN  bidders  are  trying  to  expand 
their  market  share  in  the  area  of  public 
safety  networks.  General  Dynamics  is  work¬ 
ing  on  a  public  safety  network  for  the  state 
of  New  York  as  well  as  a  nationwide  com¬ 
mand,  control  and  communication  system 
for  the  U.S.  Coast  Guard  that  is  dubbed 
Rescue  2 1 . 

Lockheed  Martin’s  current  projects  in¬ 
clude  building  an  incident  information- 
management  system  for  the  Pennsylvania 
State  Police. 

“First  responders,  federal  agents  and 
other  public  safety  officers  who  protect 
the  nation  require  a  secure,  interopera¬ 
ble  communications  infrastructure  to 
share  critical  information,”  said  Chris 
Marzilli,  president  of  General  Dynamics 
C4  Systems,  in  a  statement.  “Our  team’s 
60-year  experience  in  command,  control 
and  communications  has  prepared  us 
well  to  meet  the  long-term  requirements 
of  this  high-priority  project.” 

Added  Gordon  McElroy  vice  president  of 
Intelligence  &  Homeland  Security  Systems 
for  Lockheed  Martin  Integrated  Systems  & 
Solutions:  “We  look  forward  to  deploying 
our  solution  in  the  field  and  enabling 
users  to  communicate  seamlessly  with 
those  who  need  information  to  protect 
our  nation.” 

Industry  watchers  were  surprised  to  see 
Motorola  eliminated  from  the  competition. 
“Motorola  is  so  well-known  in  the  law  en¬ 
forcement  community  that  it’s  interesting 
they  didn’t  receive  one  of  the  awards,” 
Bjorklund  says. 

He  adds  that  Motorola’s  wireless  gear 
may  end  up  in  the  IWN  design  because  of 
the  government’s  emphasis  on  nonpropri¬ 
etary  equipment.“Motorola  has  the  brand 
name  that  everyone  in  this  community 
knows,”  Bjorklund  says. “Motorola  may  not 
be  totally  out  of  the  game.” 

The  impact  that  the  Justice  Department’s 
IWN  program  will  have  on  other  law  en¬ 
forcement  systems  is  unclear.  Many  states 
and  municipalities,  including  New  York 
state  and  New  York  City,  have  launched  their 
own  efforts  to  upgrade  wireless  networks 
used  by  police,  fire  and  other  public  safety 
officials.lt  remains  to  be  seen  whether  all  of 
these  networks  will  comply  with  the  same 
standards  as  IWN. 

“The  feds  have  been  a  little  bit  late  in 
doing  this,”  Bjorklund  says  of  IWN. ‘A  lot  of 
state  and  local  governments  are  building 
their  own  systems  geared  toward  emer¬ 
gency  response.  The  impact  of  IWN  could 
be  moderate,  because  state  and  local  gov¬ 
ernments  are  saying  they  don’t  have  time  to 
wait  for  this  system.”  ■ 

WIRELESS  IN  THE  ENTERPRISE 
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IS  A  POWER  TOOL 
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"ShoreTel's  unified  messaging  has  proven  tc 
extremely  valuable  to  our  sales  and  custom* 
service  groups  at  Coleman-Powermate.  Many 
of  us  travel  between  company  sites,  making 
the  features  and  flexibility  of  the  system  perfect 
for  keeping  in  touch  at  all  times.  Now  I'm 
able  to  completely  control  two  very  important 
things — our  rapid  growth— and  my  telco  costs." 


MICHAEL  MANTKZE 
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Florida  Guardian  ad  Litem  Saw  the  Future  of  Child  Advocacy. 

Citrix  Provided  Access. 


“Custody  rulings.  Foster  care.  Adoptions.  Our  founding  vision  was  to  give  every  abused 
and  neglected  child  in  Florida  a  strong  advocate  in  court.  Two  years  later,  we’re  well  on 
our  way.  Today,  program  staff,  attorneys  and  over  5,000  volunteers  represent  more 
than  27,000  children.  Instead  of  information  in  file  drawers  scattered  all  over  the  state, 
Citrix  software  gives  advocates  secure  access  to  our  case  management  system  from 
anywhere.  Resources  are  precious,  so  we  must  apply  them  wisely,  not  waste  time 
chasing  data.  These  kids  depend  on  us.  That’s  why  we’re  depending  on  Citrix  to  take 
us  the  rest  of  the  way  to  advocate  for  every  Florida  child  in  need.  ” 


JOHNNY  C.  WHITE 

CIO 

Florida  Guardian  ad  Litem  Program 
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TECHNOLPfiY  UPDATE 

■  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


PI  61 9  safeguards  data  at  rest 

Proposed  standards  protect  information  on  disk  and  tape. 


HOW  IT  WORKS:  P1619 

Proposed  IEEE  protocols  protect  data  at  rest.  P1619  is  for  disk  storage  and 
P1619.1  is  for  tapes.  Here,  P1619.1  is  shown  guarding  data  stored  on  tape. 

B 
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Server 

Q  Server  sends  unencrypted  data  through  switch  to  P1619.1  encryption  engine. 
El  P1619.1  engine  encrypts  the  data  and  it  is  sent  to  tape  library  for  storage. 
B  Data  is  stored  encrypted  on  tape. 


Encrypted  tape 


BY  FABIO  MAINO 

For  the  past  few  years,  banking,  credit 
and  retail  industries  have  been  rocked 
by  one  massive  data  theft  after  another. 
The  common  thread:  The  data  was  not 
encrypted  and  thus  was  available  to 
criminals  looking  to  steal  private  iden¬ 
tity  and  financial  information. 

To  counter  this  disturbing  trend,  the 
IEEE  Security  in  Storage  Working  Group 
(S1SWG)  is  developing  two  related  stan¬ 
dards  that  use  encryption  to  protect 
stored  data,  known  as  data  at  rest.  The 
first,  P1916,  is  nearing  completion;  it  sets 
out  to  protect  data  stored  on  disks.  The 
more  recent  standard,  PI 619. 1 ,  is  for  pro¬ 
tecting  data  stored  on  tape. 

Work  on  the  disk  security  standard  be¬ 
gan  almost  four  years  ago  with  an  in¬ 
vestigation  into  how  the  challenge 
should  be  addressed.  Encryption  was 
regarded  as  the  most  straightforward 
and  reliable  means  of  data  protection, 
but  it  was  problematic  because  512-byte 
disk  blocks  contained  no  extra  space  to 
insert  traditional  cryptographic  compu¬ 
tations  known  as  integrity  check  values 


Got  great  ideas? 


■  Network  World  is  looking  for  great  ideas 
for  future  Tech  Updates.  If  you've  got  one, 
and  want  to  contribute  it  to  a  future  issue, 
contact  Senior  Managing  Editor,  Features  Amy 

Scburr  (aschuir@nww.com). 


(ICV).  Another  method  had  to  be  found 
to  protect  the  data. 

Better  approach 

SISWG  solved  the  problem  with  the 
help  of  the  Liskov  Rivest  Wagner 
advanced  encryption  standard,  a  length¬ 
preserving  algorithm.  This  let  the 
encrypted  data  be  the  same  size  as  the 
plain  text  data,  affording  limited  integrity 
protection  while  eliminating  the  need  to 
add  an  ICV. 

Furthermore,  the  working  group  pro¬ 
vided  a  format  for  export  keys  so  the 
encrypted  data  could  be  securely  ex¬ 
ported.  Authorized  third-party  vendors 
could  recreate  data  residing  on  a  disk  or  a 
portion  of  a  disk.  Finally,  the  group  out¬ 
lined  a  method  for  key  encryption  so 
encryption  keys  could  be  safely  exported. 
While  not  mandated,  this  mechanism  is 
suggested  by  the  standard. 

The  resulting  draft  standard,  PI 6 19,  is 
open  for  public  comment  for  several 
months.  The  standard  is  expected  to  be 
finalized  by  the  working  group  by  year- 
end  and  formally  approved  by  the  IEEE 
in  early  2007. 

Meanwhile,  work  on  PI 6 19.1  started 
last  year.  The  technical  hurdles  for  this 
effort  were  not  as  high  as  for  disk  pro¬ 
tection,  because  tapes  are  accessed 
sequentially  and  are  divided  into  vari¬ 
able,  not  fixed,  blocks.  Therefore,  SISWG 
opted  for  a  traditional  encryption  solu¬ 
tion  based  on  the  addition  of  an  ICV. 

P1619.1  sets  forth  two  modes.  The  first, 
called  Counter  Mode  with  CBC-MAC 
(CCM),  specifies  an  integrity  tag  length  of 


16  bytes  and  a  variable  data  length.  The 
second, Galois/Counter  Mode  (GCM),uses 
an  underlying  block  cipher  to  encrypt 
messages  of  arbitrary  length  in  an  authen¬ 
ticated  manner.  The  draft  standard  also 
describes  how  CCM  and  GCM  can  be  used 
for  authentication  only 

Additional  definitions 

Besides  these  modes,  the  PI 619.1  draft 
standard  defines  the  appropriate  key- 
derivation  mechanisms  to  be  used  for 
encryption  and  suggests  how  to  gener¬ 
ate  the  additional  parameters  needed 
for  encryption. 

The  standard  does  not  define  a  record¬ 
ing  format,  because  vendors  use  differ¬ 
ent  recording  formats  to  store  data  on 
tape.  The  P1619.1  draft  standard  should 


be  released  for  public  comment  by  year- 
end.  Finalization  likely  will  occur  in  late 
2007  or  early  2008. 

Given  the  shocking  frequency  of  theft, 
stored  data  must  be  safeguarded  and  its 
integrity  must  be  preserved.  Through 
IEEE  P1619  and  P1619.1,  SISWG  is  help¬ 
ing  to  ensure  the  continuous,  long-term 
protection  of  data  at  rest,  whether  it’s  in 
a  data  center  or  on  a  truck  bound  for  an 
off-site  facilty. 

Maino  is  a  technical  leader  at  Cisco 
and  a  member  of  the  IEEE  SISWG.  He  can 
be  reached  at  fmaino@cisco.com. 
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Ask  Dr.  Internet  By  Steve  Blass 


Is  there  a  basic  drawing-tool  component  to 
use  in  Web  pages  so  a  user  can  draw  a  sketch 
and  then  save  it  to  the  server  as  part  of  a 
collaboration  application? 

Large,  commercial  collaboration  applications,  such 
as  Blackboard  and  ERoom,  have  features  like  that. 
Including  drawing-tool  collaboration  in  basic  Web  site 
applications  can  be  a  little  more  difficult.  There  are 
groupware  applications  available,  such  as  Ogo 


(www.opengroupware.org)  and  Open  Xchange 
(www.open-xchange.org)  that  include  whiteboard 
tools  as  part  of  the  application,  but  you  have  to 
install  the  entire  package  to  get  that  feature.  Similar 
whiteboarding  features  are  available  in  Groove  and 
other  Web-enabled  groupware  applications. 

On  a  smaller  scale,  try  looking  at  J-Painter 
(www.izhuk.com/painter).  This  is  a  reasonably  priced 
Java  applet  that  lets  Web  site  visitors  use  a  basic 
drawing  tool  through  a  Web  browser.  You  can  try  the 


live  version  on  the  company's  Web  site  or  download  a 
trial  version  to  evaluate.  The  program  lets  users 
draw  and  add  text  using  a  full  color  palette  and  font 
control.  Circles,  rectangles,  lines  and  bucket  painting 
tools  are  included.  Files  are  saved  to  the  server  and 
then  can  be  downloaded  by  the  user. 

Blass,  a  network  architect  at  Change@Work  in 
Houston,  can  be  reached  at  dr.  internet@changc 
atwork.com. 
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Recommended  tools  for  the  tool  kit 


GEARHEAD 

INSIDE  THE 
NETWORK 
MACHINE 

Mark  Gibbs 


Some  time  ago  we  asked  for  rec¬ 
ommendations  on  tools  you  thought 
should  be  in  the  Gearhead  tool  kit. 
Here  are  a  few  reader  recommenda¬ 
tions  that  we’ve  been  able  to  test. 

The  first  is  Registry  Healer  4.4.1 
from  KsL  Software  (www.zoneutils 
.com).  As  its  name  implies,  Registry 
Healer  is  a  tool  for  finding  and  fixing 
problems  with  the  registry  We  ran  it 
on  one  of  our  laptops  that  has  been 
in  use  for  about  14  months, and  it  dis¬ 
covered  a  staggering  773  problems! 

Some  problems  were  minor,  such  as  missing  help  files 
left  over  from  uninstalled  applications  that  weren’t  com¬ 
pletely  tidied  up  after  removal,  while  others  were  serious, 
such  as  missing  Dynamic  Link  Libraries  (DLL),  invalid 
paths  and  trashed  entries. 

Registry  Healer  starts  by  backing  up  your  registry  Other 
run-time  options  include  the  ability  specify  the  types  of 
problems  to  search  for  (such  as  invalid  paths,  invalid  fonts 
and  run  entries),  an  option  to  have  the  registry  automati¬ 
cally  backed  up  regularly  (under  Windows  2000,  XP  and 
2003  only),  and  an  option  to  have  it  run  on  whatever  sched¬ 
ule  you  like. 

Once  a  scan  is  complete  you  can  select  the  entries  to 
fix  and,  voila!  Registry  Healer  fixes  the  problems  and 
optionally  compacts  the  registry,  which  can  result  in 
surprising  performance  improvements  in  systems  with 


badly  mangled  registries. 

Registry  Healer  is  shareware, and  the  unregistered  version 
is  limited  to  18  fixes  per  scan.  Registration  is  $19.95. 

Our  next  tool  is  an  image  viewer  and  manipulator  that 
many  people  recommended:  Irfanview,  created  by  Irfan 
Skiljan  in  Austria  (www.irfanview.com). 

Irfanview  is  small  (a  single  .EXE  file  with  no  DLLs  — 
hooray!),  fast,  easy  to  use,  robust  and  does  a  lot  more  than 

Registry  Healer . . .  discovered 
a  staggering  773  problems! 

display  image  files.  It  has  a  long  list  of  features  that  includes 
support  for  a  huge  number  of  file  formats  (see  www.nw 
docfinder.com/3934),  including  animated  GIFs,  and  the 
ability  to  save  into  18  formats.  Some  of  the  formats  require 
plug-ins  (see  www.nwdocfinder.com/3935),  and  the  Irfan¬ 
view  site  provides  downloads  for  most  of  them. 

Just  a  few  of  the  many  other  features  are  thumbnail  pre¬ 
view;  slide-show  display  with  the  ability  to  save  a  slideshow 
as  an  .EXE  file  or  in  screensaver  format  or  burn  it  to  CD;  dis¬ 
play  of  EXIF  IPTC  and  comment  text  in  slide-show  and  full¬ 
screen  display;  and  support  for  Adobe  Photoshop  Filters. 
This  is  an  incredible  piece  of  engineering  and  for  non¬ 
commercial  use  Irfanview  is  free,  while  registration  is  $12. 

We  should  also  mention  a  free  image-management  and 
editing  tool  —  Google’s  Picasa  (http://picasa.google.com/), 
which  is  available  for  Windows  2000,  XP  and  Linux 


(http://picasa.google.com/linux/).  Picasa  supports  camera 
detection  and  downloading,  image  fixes  (such  as  sharpen¬ 
ing,  contract  and  brightness  changes),  along  with  excellent 
organizing  and  exporting  features. 

While  Irfanview  is  our  choice  for  quick  image  viewing, 
Picasa  is  our  preferred  image-organizing  tool.  Moreover, 
Picasa  is  valuable  to  beginners  and  experts.  If  only  it  were 
available  for  OS  X  . . .  anyone  at  Google  listening? 

Our  final  tool,  Belarc  Advisor  from  Belarc  (see  www.nw 
docfinder.com/3936),  is  a  utility  for  analyzing  the  installed 
software  and  hardware  on  your  PC.  It  finds  missing 
Microsoft  hot  fixes,  checks  your  anti-virus  status  and  runs 
the  Center  for  Internet  Security  benchmarks  (www.cisecu 
rityorg).The  results  are  displayed  in  your  Web  browser,  and 
all  profile  information  is  kept  private  on  your  PC. 

Belarc  Advisor’s  reports  are  thorough,  covering  operating 
system  details,  processor  model,  motherboard  make  and 
model,  installed  drives  and  memory  details,  software  keys 
(useful  if  you  have  mislaid  the  original  disks),  system 
devices,  multimedia  devices,  printers  and  just  about  every¬ 
thing  you  might  want  to  know  about  how  a  PC  is  set  up. 

It  is  free  for  personal  use  only  —  Belarc  prohibits  com¬ 
mercial,  educational,  military  or  government  use,  and  offers 
instead  a  range  of  small  and  midsize  business  and  enter¬ 
prise  management  tools  that  provide  similar  services. 

Thanks  to  all  who  wrote  in.  If  you  have  any  other  favorite 
tool  picks  please  send  your  recommendations  to  gear 
head@gibbs.  com. 


,/  The  scoop:  Gateway  Profile  6,  from  Gateway,  starts  at  $1 ,000. 

What  it  is:  An  all-in-one  PC  system  in  which  the  computer  and  the 
monitor  are  merged,  the  Gateway  Profile  6  is  meant  to  be  a  space¬ 
saving  device  for  use  in  a  dorm  room  or  other  area  where  space  is 
limited. The  latest  version  comes  with  an  Intel  Pentium  4  Processor  631  (3.00 
GHz), 512MB  of  RAM, an  80GB  hard  drive, combination  CD-RW/DVD  optical  drive, 
integrated  speakers,  Gigabit  Ethernet  port,  six  USB  2.0  ports  (two  on  the  side,  four 
inside  the  removable  panel),  IEEE  1394  and  a  choice  of  a  17-  or  19-inch  display 
Why  it’s  cool:  1  love  it  when  a  company  converges  two  concepts  into  one,  and 

combining  a  PC  and  a  monitor,  while  not 
earth-shattering  (Apple’s  been  doing  that 
for  years  with  its  iMac  line),  is  quite  cool. 
Gateway’s  take  on  the  concept  is  a  bit  dif¬ 
ferent;  design-wise,  it  looks  like  an  automat¬ 
ic  coffee  machine  (black  and  blocky).The 
front  of  the  machine  includes  the  optical 
drive  and  media  card  reader  (very  handy 
for  loading  digital  photos),  while  the  side  of 
the  machine  let  us  attach  additional 
devices  (two  USB  ports  and  headphone/ 
microphone  jacks).  Popping  off  the  side 
panel  gave  us  access  to  other  ports  and 
interfaces.  1  also  enjoyed  that  the  Profile  6 
included  integrated  wireless  LAN  connec¬ 
tivity,  something  rarely  found  in  desktops 
(usually  integrated  wireless  is  reserved  for 
notebooks). 

Some  caveats:  During  my  tests,  the 


It  may  look  like  a  coffee  machine,  but 
the  Gateway  Profile  6  is  a  nice  all-in- 

one  PC. 


machine  inexplicably  powered  down  a  few  times,  and  1  had  to  unplug  the  device 
completely  by  pulling  the  power  cord  out  of  the  outlet  and  the  computer,  and 
reconnecting  (pushing  the  computer’s  power  button  didn’t  restart  the  system). 

Grade:  (out  of  5) 

The  scoop:  20-inch  flat-panel  LCD 
PC/TV  (model  MFM-HT205),  from 
Sony  about  $900. 

What  it  is:  An  all-in-one  monitor/TY 
the  MFM-HT205  combines  a  computer 
monitor  with  a  20-inch  widescreen  TV 
(integrated  TV  tuner).  Like  the  Gate¬ 
way  Profile,  the  monitor/TV  combina¬ 
tion  is  aimed  at  saving  space  for  users 
where  a  separate  TV  and  monitor  won’t 
fit.  The  system  includes  many  video 
input  options,  including  high-definition 
support  (1080i  HD  format  displayed  at 
native  720p  resolution),  analog  audio/ 
video,  digital  video  interface  input,  compo¬ 
nent  video,  composite  audio/video  (RSA)  and  two  S-video  inputs. 

Why  it’s  cool:  I  loved  the  multiple  options  available  for  video: The  system  let  me 
connect  a  video  game  system,  cable  TV  feed,  computer  and  DVD  player  all  at  the 
same  time,  with  room  for  more  inputs  if  1  needed  them. The  remote  control  was 
simple  to  use  and  allowed  for  easy  access  to  each  of  the  video  sources,  including 
the  picture-in-picture  and  the  picture-by-picture  features.  The  additional  inch  of 
display  space  (I  last  looked  at  the  Sony  19-inch  variety)  wasn’t  noticeable,  but  the 
move  from  a  square-ish  screen  to  the  widescreen  display  made  watching  DVDs 
more  enjoyable. 

Grade: 

Shaw  can  be  reached  at  kshaw@nww.com.  Watch  a  new  Cool  Tools  Video  Show 
every  Thursday  at  www.networkworld.com/video. 


Sony's  MFM-HT205  combines  a  monitor 
with  TV  feed  and  supports  HD  content 


Breakthrough  Technology: 
Enterprise-Wide  Maximum  System  Performance 


NEW 


DiskeeperJO 

The  Number  One  Automatic  Defragmenter™ 


Fragmentation  causes  slowdowns, 
freeze-ups  and  even  total  system  failures.  As  drive 
sizes,  file  sizes  and  CPU  speeds  increase  fragmentation 
becomes  more  of  a  problem  since  disk  drive  speeds 
have  not  kept  up.  This  results  in  a  performance 
bottleneck.  With  data  being  constantly  accessed, 
fragmentation  accumulates  daily  and  affects  all  servers, 
desktops,  and  storage  systems.  Manual  defragmentation  is 
simply  not  an  enterprise  solution. 

NEW  Diskeeper  10  is  designed  for  the  enterprise.  It  provides 
adaptive  technology  designed  to  wring  every  last  drop  of  performance 
out  of  every  system  on  your  network  —  whether  you  manage  hundreds 
of  servers  across  multiple  data  centers  or  thousands  of  desktops. 


Diskeeper  10  “Set  It  and  Forget  It”®  Features 


NEW!  I-FAAST™  (Intelligent  File  Access  Acceleration  Sequencing  Technology), 
boosts  file  access  and  creation  speeds  up  to  80%  (10-20%  average). 


•  NEW!  Core  enhancements  provide  fast,  thorough  defragmentation. 

•  EXCLUSIVE!  SmartScheduling™  customizes  automatic  defragmentation 


•  NEW!  Terabyte  Volume  Engine™  defrags  large  volumes,  SANs,  RAIDs 
and  NAS,  quickly  and  thoroughly.  Ideal  for  all  servers  including  file,  print, 
application,  SQL,  web,  Exchange,  and  domain  controllers. 


•  NEW!  Enhanced  I/O  Smart™  transparent  defragmentation  ensures 
uninterrupted  system  operation  even  during  busy  times  of  the  day. 


based  on  individual  usage  patterns. 

•  NEW!  Administrator  Edition  provides  easy  network-wide  configuration 
and  deployment  as  well  as  reports  on  disk  health,  real  time  performance, 
reliability  and  fragmentation  statistics. 

•  NEW!  Native  64  bit  operating  systems  support. 


Automatic  defragmentation  provides:  increased  performance,  reliability, 
reduced  maintenance,  longer  machine  life,  faster  backups  and  faster 
antivirus  and  spyware  scans.  See  for  yourself! 


SPECIAL  OFFER 


mm 
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Try  EVERY  FEATURE  in  Diskeeper  10  FREE  for  45  days  |J§s 

www. diskeeper. com/nww2  .-4 


Enterprise  networks  need  Diskeeper,  The  Number  One  Automatic  Defragmenter  with  over  20  million  licenses  soldi 

Volume  licensing  and  Government  /  Education  discounts  are  available  from  your  reseller  or  call  800-829-6468  Code  4366  % 


White  papers,  case  studies  and  articles  are  available  at  http://www.diskeeper.com/nww2refpoTts'-;; 


©2006  Diskeeper  Corporation.  All  Rights  Reserved.  Diskeeper.  The  Number  One  Automatic  Defragmenter,  l-FAAST,  I/O  Smart,  SmartScheduling,  Terabte  Volume  Engine,  “Set  It  and  Forget :  \  and 
the  Diskeeper  Corporation  logo  are  registered  trademarks  or  trademarks  owned  by  Diskeeper  Corporation  in  the  United  States  and/or  other  countries.  Windows  is  a  registered  trademark  or  trademar  k 
owned  by  Microsoft  Corporation  in  the  United  States  and/or  other  countnes.  Diskeeper  Corporation  •  7590  N.  Glenoaks  Blvd.  Burbank,  CA  91504  •  800-829-6468  •  www.dtskeeper.com 
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The  skinny  on 
security  wares 


BUYERS  GUIDES 


It’s  pretty  fat,  actually.  The  upcoming  Network  World 
Security  Buyer’s  Guide,  which  makes  its  debut  next 
week  (see  www.nww.com),  contains  detailed  informa¬ 
tion  on  more  than  500  products  in  23  distinct  security 
product  categories. 

The  Security  Buyer’s  Guide  covers  everything  from  SSL 
VPNs  and  wireless  LAN  security  to  identity  management 
products,  unified  threat  management  appliances,  anti-spam 
services,  and  auditing  and  compliance  wares. 

We  have  tapped  our  experience  reporting  on  and  test¬ 
ing  these  products  to  assemble  extensive,  technically 
detailed  surveys  in  each  category  that  cut  to  the  heart  of 
what  makes  products 

stend  apart.™™  we  HETWORKWORU) 

hounded  vendors  to 
submit  product  details 
into  a  centralized  data¬ 
base  and  built  a  search 

engine  that  lets  you  pinpoint  which  products  offer  the 
features  you  need  most. 

The  result  is  a  tool  that  will  help  you  quickly  sift  through  a 
large  database  and  build  a  short  list  of  products  that  are 
appropriate  for  your  network  (the  tool  goes  live  on  June  26; 
for  a  preview  go  to  www.nwdocfinder.com/4022). 

Security  is  a  fast-moving  target.  By  enlisting  the  help  of 
mBlast,an  information  management  service  provider,  we 
can  ensure  that  all  Buyers  Guide  content  is  up  to  date,  as 
vendors  can  load  new  product  descriptions  to  the  database 
as  their  products  evolve.  Changes  will  be  posted  to  our  site 
daily.  We  also  are  committed  to  creating  additional  product 
guides  for  new  security  categories  as  they  emerge. 

But  we  aren’t  stopping  at  security.  We  are  currently  collect¬ 
ing  product  information  for  a  Wireless  Buyer’s  Guide  and  a 
Storage  Buyer’s  Guide,  which  are  scheduled  to  go  live  at  the 
end  of  next  month. 

Additionally,  in  late  August,  we  will  make  available  a  Con¬ 
vergence  Buyer’s  Guide  as  well  as  a  LAN/WAN  Manage¬ 
ment  Buyer’s  Guide.  And  finally,  in  September  we  will 
launch  a  Network  Infrastructure  Buyer’s  Guide  and  a 
Network  Applications  Buyer’s  Guide.These  guides  will  pro¬ 
vide  the  most  comprehensive  directory  of  enterprise  IT  ven¬ 
dors  in  each  category,  list  the  most  products  and  offer  the 
most  detailed,  up-tadate  product  information  available  in 
one  searchable  database. 

Network  World  has  made  every  effort  to  contact  all  ven¬ 
dors  in  the  security  market  to  offer  the  opportunity  to  list 
their  product  information  in  the  Security  Buyer’s  Guide.  If 
you  see  that  we  missed  any  product,  vendor  or  market, 

drop  me  a  note. 


—  Christine  Burns 
Executive  editor, Testing 
cburns@nww.  com 


Taking  a  worldview 

Regarding “$100  laptops?  . . .  Not  yet”  (www.nwdoc 
finder.com/3921): The  One  Laptop  Per  Child  and 
low-cost  PC  initiatives  are  admirable  goals;  how¬ 
ever,  both  strike  me  as  being  nothing  more  than 
new  business  initiatives.  Current  PC  users 
upgrade  their  hardware  every  few  years  and  usu¬ 
ally  discard  old  but  fully  operational  hardware. 
Maybe  with  volunteers  and  tax  credits,  these  old 
PCs  (or  parts  thereof)  could  be  reused  instead  of 
contaminating  landfills.  If  we  are  going  to  change 
the  world,  why  not  take  a  worldview? 

Jeff  Black 
Arlington, Va. 


Root  of  all  evil 

Regarding  “Are  rootkits  really  evil?”  (www.nwdoc 
finder.com/3923):  Sebek  is  a  good  example  of  a 
rootkit  used  to  monitor  system  activity  on  a  honey- 
pot.  It  sends  the  activity  data  over  a  covert  channel 
to  a  Sebek  controller. The  value  in  this  is  the  data 
bypasses  the  system’s  TCP/IP  stack  and  is  unde¬ 
tectable  by  a  packet  sniffer  on  the  system  itself. 
Would  I  do  this  on  a  production  system?  Maybe, 
maybe  not.The  traffic  still  can  be  seen  by  an  intru¬ 
sion  detection/prevention  system  sensor  after  it 
gets  on  the  wire, so  if  a  system  is  compromised, you 
can  still  detect  malicious  traffic.  But  it  makes  it 
very  difficult  for  an  attacker  to  detect  the  monitor¬ 
ing  of  the  system  activity.  If  you  could  use  a  tool 
like  this  for  remote  logging  or  monitoring,  it  could 
be  very  beneficial. 

David  Erban 
Mission  Viejo,  Calif. 


can  hide  spyware  and  viruses  is  a  godsend  for  mal¬ 
ware  writers,  as  their  malware  can  go  undetected  for 
longer  and  can  be  harder  to  remove.  Ordinary  users 
don’t  want  to  have  to  wipe  their  hard  drive  to 
remove  a  piece  of  code  that  is  hiding  a  piece  of  mal¬ 
ware  that  pops  up  ads  at  them  every  now  and  again. 

Rootkits  will  become  more  customized  and 
harder  to  find,  as  their  signatures  will  change  with 
each  new  attack.  We  all  have  a  rocky  road  ahead 
with  rootkits. 

Stephen  Marsh 
Administrator 
www.antirootkit.com 
Dublin,  Ireland 


Say  no  to  Gig  desktops 

Regarding  “Gartner  analyst:  Resist  Gig  Ethernet” 
(www.nwdocfinder.com/3922):  As  far  as  gigabit 
to  the  desktop,  to  an  extent  the  story  has  it  right. 
But  for  trunks  to  closets  as  well  as  server  connec¬ 
tions,  it  is  the  sane  way  of  doing  things.  Want  to 
spend  time  with  QoS  trying  to  put  10  pounds  of 
coffee  in  a  5-pound  can? 

Prioritization  schemes  are  necessary  pains  in  the 
butt,  not  something  to  design  a  system  or  network 
around.  My  company  does  gigabit  trunks  over 
wavelength  division  multiplexing  in  the  metro¬ 
politan  area  on  a  shoestring  budget,  and  the  users 
are  much  happier  than  they  used  to  be.  Speed 
thrills.  But  gigabit  to  the  desktop,  on  the  other 
hand, has  been  more  liability  than  asset, given  the 
ability  of  a  single  machine  to  push  huge  amounts 
of  traffic. 

Darrell  Jones 
Eugene,  Ore. 


Rootkits  are  becoming  more  prevalent  as  the 
months  go  by  Having  a  piece  of  rootkit  code  that 


E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 18  Turnpike  Road.  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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Michael  Kamens 


SEC  ruling  drives  demand  for  SOX  auditors 


Congress  passed  the  Sarbanes-Oxley  Act  in 
2002  to  restore  confidence  after  sharehold¬ 
ers  lost  billions  of  dollars  because  of  ac¬ 
counting  fraud  at  companies  such  as  Enron, 
WorldCom  andTyco.In  realitySOXwasan  attempt 
to  legislate  quality  control  regarding  how  publicly 
traded  companies  should  be  managed  on  a  day- 
to-day  basis.  The  Securities  and  Exchange 
Commission  (SEC)  requires  all  firms  to  document 
—  and  an  external  auditor  to  confirm  —  that 
adequate  controls  are  in  place  to  ensure  that 
financial  statements  filed  with  the  SEC  paint  a 
realistic  picture  for  investors. 

From  the  moment  SOX  was  enacted,  there  have 
been  heated  discussions  about  providing  relief 
for  small  to  midsize  businesses  by  relaxing  re¬ 
quirements  or  exempting  some  of  the  rules. 
During  the  last  three  years,  committees  were 
formed,  industry  opinions  were  generated,  and 
accounting  firms  requested  a  re-evaluation  and 
review  of  the  requirements.  Finally  on  May  17,  SEC 
Chairman  Christopher  Cox  announced  that  small 
companies  would  not  be  exempt  from  a  key  set  of 
new  post-Enron,  investor-protection  rules. 

This  was  not  what  many  executives  and  Con¬ 


gress  expected  to  hear.  It  created  a  tremor  that 
probably  will  end  with  Congress  modifying  SOX 
under  legislation  titled  the  Complete  Act. 

We  are  in  the  third  year  of  SOX  for  the  larger  pub¬ 
licly  traded  companies,  the  second  year  for  the  for¬ 
eign  publicly  traded  companies  and  the  first  year 
for  every  publicly  traded  company  with  a  market 
cap  of  $75  million  or  greater.  In  its  May  decision, 

This  demand  is  fueled  not 
just  by  the  SEC  ruling,  but 
by  a  series  of  identity  thefts. 

the  SEC  extended  the  deadline  for  non-accelerat- 
ed  filers  from  July  15, 2006,  to  Dec.  16,2006.  Com¬ 
panies  that  held  off  filing  in  anticipation  of  a  favor¬ 
able  ruling  now  have  only  a  five-month  reprieve  to 
catch  up. 

In  a  previous  column  (www.nwdocfinder.com/ 
4023),  I  was  not  overly  optimistic  about  the  future 
of  independent  IT  SOX  auditors,  because  1  felt  the 
SEC  chairman’s  ruling  would  put  a  damper  on  the 
amount  of  new  audit  work.The  sticker  shock  from 
the  costs  of  using  external  auditors  for  previous 


audits  has  not  worn  off,  prompting  companies  to 
look  into  hiring  additional  internal  IT  auditors. 

From  all  the  activity  I  see  in  the  employment 
marketplace,  it  seems  the  demand  for  IT  SOX 
auditors  has  never  been  higher.  This  demand  is 
fueled  not  just  by  the  SEC  ruling,  but  also  by  a 
series  of  identity  thefts  at  major  companies  and 
by  the  public’s  mistrust  of  how  securely  its  per¬ 
sonal  information  is  being  stored. 

The  credit  card  industry  took  the  initiative  to 
tighten  security  at  companies  processing  credit 
cards  through  the  Visa  Cardholder  Information 
Security  Program  (ClSP)(see  www.nwdocfinder. 
com/4024).  IT  security  auditors  need  to  expand 
their  knowledge  beyond  the  IT  General  Controls 
and  Risk  Analysis  to  understand  those  safeguards 
for  identity  theft  and  requirements  for  compli¬ 
ance  with  the  Visa  CISP  The  role  of  the  IT  auditor 
has  never  been  greater  as  companies  look  to 
those  with  expertise  to  offer  guidance. 

Kamens  has  a  law  degree  and  is  a  certified  infor¬ 
mation  security  manager  and  independent  IT  secu- 
rity/SOX  auditor.  He  can  be  reached  at 
mike@kamens.  org. 


IDENTITY  THEFT 

Sean  Steele 


VA  breach  shows  growing  insider  threats 


The  recently  disclosed  theft  of  personal  infor¬ 
mation  on  26.5  million  U.S.  veterans  and 
active-duty  personnel  from  the  home  of  a 
Department  of  Veterans  Affairs  analyst  is  a  cata¬ 
strophe  that  should  have  been  anticipated  and 
could  have  been  avoided.  The  security  risks 
posed  by  insiders  are  becoming  more  visible  and 
damaging  but  are  far  from  new. 

Many  executives  in  the  federal  government  and 
corporate  America  remain  ill  equipped  and  un¬ 
prepared  to  address  the  security  threats  posed  by 
their  trusted  insiders.  Security  professionals  con¬ 
tinue  to  fight  for  each  budget  dollar  allocated  to 
safeguarding  internal  data,  networks  and  systems. 
Private  industry  must  reprioritize  security  and 
step  up  enforcement  efforts  for  insiders.  Congress 
must  put  teeth  into  its  paper  regulations  and  act 
quickly  to  strengthen  consumers’  rights.  We 
should  all  start  by  admitting  insiders  pose  real 
security  threats  and  need  to  be  scrutinized  as  dili¬ 
gently  as  outsiders. 

If  2005  was  the  Year  of  the  Database  Breach  — 
more  than  50  million  personal  records  were  lost 
or  stolen  —  2006  is  shaping  up  to  be  the  Year  of 
the  Insider  Threat.  The  VA  incident  underscores 
how  many  organizations  have  given  insiders  unre¬ 
stricted  access  to  sensitive  data.  While  organiza¬ 
tions  have  spent  billions  of  dollars  building  strong 
defenses  to  protect  against  outside  attackers,  the 
2005  Computer  Security  Institute/FBI  Computer 
Crime  and  Security  Study  found  that  insiders 
were  responsible  for  nearly  as  many  attacks. 

In  May  2005,  Wachovia  and  Bank  of  America 
notified  more  than  100,000  customers  after  nine 
people,  seven  of  whom  were  employees,  were 
caught  stealing  and  selling  sensitive  data  about 
bank  customers.  But  it’s  not  just  the  insiders- 


slash-thieves  we  should  be  concerned  with; 
sometimes  our  best  employees  make  mistakes  in 
the  name  of  improved  productivity.  A  desire  to 
work  harder  and  better  can  lead  to  security 
breaches,  as  is  likely  the  case  with  the  VA  analyst. 
Unfortunately,  few  organizations  have  imple¬ 
mented  anything  resembling  reasonable  insider 
security  measures. 

Human  resource  managers  must  move  from 
focusing  on  employee  retention  and  morale  to 
holding  employees  accountable  for  cutting  cor¬ 
ners  and  jeopardizing  security  The  emergence  of 
an  employee-hiring  blacklist  in  the  financial  ser¬ 
vices  industry  is  a  decisive  if  controversial  move 
in  this  direction.  The  database  is  sponsored  by 
BITS,  a  consortium  of  some  of  the  largest  U.S. 

TheVA  could  have  miti¬ 
gated  or  avoided  the  recent 
data  breach  with  man¬ 
datory  hard  disk  encryption. 

financial  institutions  and  lists  employees  at  finan¬ 
cial  institutions  who  were  fired  because  they 
deliberately  caused  financial  damage  or  leaked 
sensitive  customer  data. 

To  make  matters  worse,  the  federal  government 
isn’t  enforcing  industry  data  security  regulations. 
Even  though  more  than  19,000  complaints  have 
been  filed,  not  a  single  civil  fine  has  been  levied 
against  the  healthcare  industry  for  violations  of 
the  Health  Insurance  Portability  and  Account¬ 
ability  Act.  Congress  must  provide  federal  regula¬ 
tors  with  the  necessary  resources  to  police  private 
companies.  For  example,  although  encryption  is 


called  for  in  numerous  data  security  regulations 
governing  the  healthcare  and  financial  services 
industries,  very  few  organizations  are  taking  basic 
steps  to  encrypt  sensitive  data  that  travels  outside 
secure  facilities  on  devices,  laptops  and  portable 
hard  drives.The  VA  could  have  mitigated  or  avoid¬ 
ed  the  recent  data  breach  with  mandatory  hard 
disk  encryption. 

Meanwhile,  identity  theft  victims  do  not  have 
the  tools  they  need  to  discover  or  mitigate  the 
damage  done  to  them  by  the  organizations  that 
possess  —  and  may  lose  —  their  personal  data. 
Veterans  and  other  individuals  cannot  easily 
place  freezes  on  their  credit  accounts  to  stop 
potential  thieves;  only  17  states  have  freeze  laws 
on  the  books. 

Congress  bears  much  of  the  blame  for  not  mov¬ 
ing  aggressively  to  preempt  state  legislatures  on 
this  important  issue.  Likewise,  the  database- 
breach  notification  laws,  which  require  compa¬ 
nies  to  notify  individuals  whose  information  has 
been  compromised,  vary  substantially  from  state 
to  state.  The  California  Security  Breach  Informa¬ 
tion  Act  requires  organizations  that  maintain  per¬ 
sonal  information  to  notify  California  residents  if 
their  information  is  compromised.  Congress 
should  extend  this  protection  to  all  Americans 
regardless  of  where  they  live. 

There  are  no  quick  fixes  for  managing  insiders 
and  their  behavior,  but  Congress  and  private 
industry  must  do  a  better  job. 

Steele  is  a  member  ofVirginia's  Joint  Commission 
on  Technology  and  Science,  Privacy  Advisory 
Committee,  and  co-founder  of  infoLock  Tech¬ 
nologies,  an  information  security  consulting  firm 
He  can  be  reached  at  ssteele@infolocktech.coni 
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►  Blades  try  to  shake 
off  bad-boy  image. 

First-generation  products  fizzled, 
but  vendors  are  offering  new  and 
improved  versions.  Page  46. 


Servers 


►Virtualize  now 

Experts  say  virtualization  can 
provide  immediate  benefits  in 
the  data  center.  Page  48. 


►Core  competency 

Multicore  chips  offer  increased 
performance,  especially  for  multi¬ 
threaded  applications.  Page  50. 


Powerful  new  servers  offer  low-cost 
alternatives  to  traditional  Unix  boxes 
in  the  data  center, 


server 


BY  JENNIFER  MEARS 

hen  Curt  Schumacher  began 
working  at  the  Chicago 
Board  of  Options  Exchange 
nearly  a  quarter  century  ago, 
the  question  of  what  hardware  plat¬ 
forms  to  use  to  support  the  business 
was  relatively  simple: “We  had  two  big 
mainframes  with  a  lot  of  disk,”  says 
Schumacher,  now  CTO  of  the  coun¬ 
try’s  oldest  options  exchange.dt  was 
nice  and  easy  back  then.” 

Today  IT  executives  have  many  more  questions  to  answer  before  mak¬ 
ing  a  buying  decision.  Blade  server  or  1U  box?  Single-chip,  dual-core  or 
maybe  quad-core?  32-bit  or  64-bit?  How  about  virtualization?  Windows  or 
Unix  or  Linux? 

The  driving  force  behind  this  explosion  of  customer  choice  in  the  server 
market  is  the  x86  platform,  which  has  grown  from  its  roots  as  an  inexpensive, 
low-end  Wintel  box  that  wasn’t  to  be  trusted  with  mission-critical  applica¬ 
tions,  to  the  most  widely  purchased  server  in  the  world,  capable  of  support¬ 
ing  workloads  once  limited  to  expensive  mainframes  and  Unix  systems. 

And  the  power  of  the  x86  architecture,  originally  developed  by  Intel,  is 
expected  only  to  grow.  Intel  and  competitor  Advanced  Micro  Devices  (AMD) 
support  64-bit  computing  along  with  traditional  32-bit,  have  introduced  dual¬ 
core  processors  and  are  integrating  virtualization  technologies  into  their  sili¬ 
con  to  make  virtualized  workloads  perform  better. 

IT  buyers  can  expect  updated  x86-based  systems  from  the  major  server  ven¬ 
dors  this  summer  —  most  notably,  a  new  chip  architecture  from  Intel  aimed 
at  increasing  energy  efficiency  and  boosting  performance  —  with  additional 

See  Decisions,  page  46 
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In  the  x86  world,  it’s  definitely 
a  faster  pace  than  in  the  Unix 
world  or  the  mainframe  world. 

The  road  maps  went  from 
years  to  months,  [and]  now  it’s 
lunch  periods,  it  seems.” 
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Curt  Schumacher,  CTO,  Chicago  Board  ill  ()|]t 


HP  ProLiant  BL35p  BLADE  SERVER 


with  ProLiant  Essentials  Management  Software 

•  Up  to  2  Dual-Core  AMD  Opteron™  200  Series  processors 

•  High  density:  Up  to  96  servers  per  rack 

•  Flexible/Open:  Integrates  with  existing  infrastructure 

•  HP  Systems  Insight  Manager™:  Web-based  networked 
management  through  a  single  console 

•  Rapid  Deployment  Pack:  For  ease  of  deployment  and 
ongoing  provisioning  and  reprovisioning 


Chaos,  now  under 
your  control. 


•  integrated  Cisco  or  Nortel  switch  options  HP  BladeSystem  servers  offer  tools  to  help  you  keep  pace  with  fluctuating  demands. 

Save  up  to  $450  on  select  AMD  based  Blade  Servers.1  .  .  .  .  .  .  f. 

the  HP  ProLiant  BL35p  Blade  berver  is  designed  to  relieve  some  of  the  stress.  Its 


HP  StorageWorks  MSA1500cs 


AMD  Opteron™  processors  offer  dual-processor  power  with  breakthrough  efficiency. 
With  management  features  like  the  Rapid  Deployment  Pack  that  lets  you  deploy 
and  redeploy  blades  without  missing  a  beat,  and  a  single-view,  graphical  user 
interface  that  streamlines  monitoring  and  configuration,  HP  BladeSystem  servers  work 


with  StorageWorks  Essentials  Management  Software 
•  Up  to  24TB  of  capacity  (96  250GB  SATA  drives) 

■  Up  to  16TB  of  capacity  (56  300GB  SCSI  drives) 

■  Ability  to  mix  SCSI  and  Serial  ATA  enclosures  for 
greater  flexibility 

■  2GB/1GB  Fibre  connections  to  host 

Get  2TB  of  storage  free  ($2,008.80  value)2 


with  you  so  you  don't  have  to  work  so  hard.  And,  bundled  with  the  StorageWorks 
MSA1500cs,  you  can  reduce  the  cost  and  complexity  of  deploying  a  storage  area 
network,  giving  you  a  better  return  on  investment. 

Save  up  to  $450  on  select  AMD  based  Blade  Servers.1 


AMD 


Opteron 


SMART  ADVICE  >  SMART  TECHNOLOGY  >  SMART  SERVICES 


Call  1-888-223-5441 
Click  hp.com/go/bladesmag49 
Visit  your  local  reseller 


1.  Save  up  to  $450  on  select  AMD  based  Blade  Servers.  Otter  valid  through  7/31/06.  2.  Receive  up  to  2TB  of  storage  free  with  purchase  of  HP  StorageWorks  Modular  Smart  Array  1500cs  devices.  Offer  valid  through  7/31/06.  All  offers  available  from  HP  Direct  and  participating  reseller;..  Prices  sncwn 
HP  Direct  prices,  are  subject  to  change  and  do  not  include  applicable  state  and  local  sales  tax  or  shipping  to  recipient's  destination.  Reseller  prices  may  vary.  See  Web  site  for  full  details.  For  hard  drives,  1GB  =  1  billion  bytes.  Actual  formatted  capacity  is  less.  Photography  may  not  accurately  represent 
configurations  priced.  Associated  values  represent  HP  published  list  price.  AMD,  the  AMD  Arrow  Logo,  AMD  Opteron  and  combinations  thereof  are  trademarks  of  Advanced  Micro  Devices,  Inc.  ©2006  Hewlett-Packard  Development  Company,  L.P. 
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enhancements  such  as  embedded  security  and  power 
management  tools  following  not  long  after.  AMD  and  Intel 
plan  to  debut  quad-core  processors  in  2007. 

“One  of  the  issues  [with  today’s  server  market]  is  that 
every  time  you  blink,  something  changes,”  Schumacher 
says.“In  the  x86  world,  it’s  definitely  a  faster  pace  than  in 
the  Unix  world  or  the  mainframe  world. The  road  maps 
went  from  years  to  months,  [and]  now  it’s  lunch  periods, 
it  seems.” 

As  a  result,  IT  professionals  need  to  watch  developments 
closely  But  they  shouldn’t  rip  out  hardware  and  bring  in 
new  servers  each  time  an  update  is  released,  analysts  say 
Dual-core  servers  and  64-bit  support  are  just  steps  in  the 
evolution  of  the  x86  platform,  says  John  Enck,  a  research 
vice  president  at  Gartner.“It’s  not  enough  of  a  change  that 
it’s  worth  altering  the  buying  life  cycle,”  he  says. 

Instead,  enterprises  should  follow  their  existing  refresh 
schedule  or  use  operating  system  upgrades  as  the  time  to 
bring  in  new  hardware.  Embedded  virtualization  technol¬ 
ogy  is  one  area,  however,  where  it  may  make  sense  to 
break  from  the  norm,  Enck  says. 

Virtualization  on  x86  platforms  “is  going  to  take  a  big  step 


forward,”  he  predicts.’Anybody  that’s  looking  to  do  virtual¬ 
ization  today  and  plans  to  do  it  on  a  new  system,  should 
delay  their  purchase  to  make  sure  they  buy  the  new 
[AMD]  Pacifica-  or  [Intel]  VT-enabled  technology’ he  says. 

These  advancements  should  be  good  news  for  IT  buy¬ 
ers,  who  now  find  the  low-cost  servers  to  be  suitable 
replacements  for  big,  expensive  boxes. 

So  how  do  companies  know  which  server  platform  is 
right  for  which  workload?  As  always  has  been  the  case, 
the  goal  is  to  find  the  server  on  which  the  software  runs 
best.The  answer,  however,  may  come  as  a  surprise. 

Processing  power 

Schumacher,  for  example,  shunned  x86  hardware  in 
the  early  2000s,  when  it  became  popular  as  a  platform 
for  Linux-based  applications.  Today,  however,  he’s  look¬ 
ing  at  replacing  his  eight-processor,  SPARC-based  Unix 
systems  from  Sun  and  Fujitsu  with  dual-core  Opteron- 
based  servers. 

“What  has  happened  in  the  last  year  is  now  the  x86  [sys¬ 
tems]  are  able  to  do  a  lot  of  the  processing  equivalent  of 
the  Unix  boxes,”  Schumacher  says.  He  is  testing  dual-core 
Opteron  servers  from  Sun  and  Fujitsu  and  plans  to  move 
several  applications,  including  the  Option’s  trade  servers, 
onto  those  systems  in  four-processor  configurations,  giving 


him  the  eight  processing  cores  he  needs. The  boxes  will 
run  the  Solaris  10  operating  system. 

“The  price  point  is  great,”  he  says.“I  can  buy  one  of  these 
boxes  for  a  third  of  the  cost  [of  a  Unix  system]  and  keep 
the  same  power,  if  not  better? 

But  when  it  comes  to  navigating  the  server  market, 
analysts  warn  that  price  is  no  longer  enough. When  look¬ 
ing  for  a  systems  vendor,  IT  buyers  must  look  at  the 
whole  package. 

“Price  is  important,  but  it’s  no  longer  the  key  thing,”  says 
Vernon  Turner,  group  vice  president  and  general  manager 
of  IDC’s  Enterprise  Computing.  “Look  to  see  whether  the 
vendor  has  a  good  blade  strategy  [and]  a  good  virtualiza¬ 
tion  road  map.  More  importantly  do  they  have  good  sys¬ 
tems  management?  What  is  their  relationship  with  inde¬ 
pendent  software  vendors  and  partners  to  make  the  hard¬ 
ware  a  solution?  We’ve  gotten  to  the  point  of  saying  servers 
are  no  longer  point  products,  but  solutions.” 

But  even  as  part  of  a  larger  package,  buyers  recommend 
enterprises  push  their  vendors  for  test  products  so  they 
can  try  out  servers  in  real-world  environments. 

“If  these  vendors  are  hungry  enough,  they  should  be 
eager  to  let  you  try  one  out  as  a  loaner  and  run  your 
application  before  you  make  any  investments,” 
Schumacher  says. 


BY  JENNIFER  MEARS 


market  by  2009. 

of  ttie  reason  for  the  growth  is  that  vendors  are  making  the  systems  more  capable 
i^sijpporting  important  business  applications.  IBM,  for  example,  earlier  this  year  intro- 
its>  BiadeCenter  H  chassis  with  support  for  InfiniBand  and  10G  Ethernet. 

^  ;|i^additidip  IBM  announced  new  blade  servers,  including  a  low-power  Xeon  blade,  aimed 
l^ippeasing  buyers  concerned  about  the  heat  output  associated  with  packing  numerous 
small  Systems  into  tight  spaces.  Egenera  also  targeted  those  heat  concerns  when  it  intro- 
iducAfj  itf  January  a  cooling  unit  called  the  CoolFrame  for  its  blade-based  systems. 
i^^yapVfhile,  HR  last  week  introduced  its  next-generation  blade  servers,  the  Blade 
^y^tpipoGlass.  which  includes  enhanced  technologies  around  virtualization,  network 
p^er.and  cdpling,  anti  systems  management.  Sun,  which  scrapped  its  product  line  last 
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Take  cost  out  of  your  business  and  increase  productivity 

No  matter  where  you  do  business. 


The  Brother  Advantage 

Comprehensive  selection 
Increased  productivity 
Lower  acquisition  costs 
Reduced  consumable  costs 
24/7/365  support  and  service 
Free  evaluation  program 


Brother  Printer,  Fax  and  Multi-Function  Center®  models  - 
designed  to  increase  productivity  while  decreasing  overhead. 

Considering  that  over  94%  of  Fortune  1000  company  employees  work  outside 
corporate  headquarters*,  equipping  them  with  a  cost-effective  solution  is,  to 
say  the  least,  a  major  challenge. 


That's  why  Brother's  Commercial  Division  is  committed  to  providing  superior 
and  reliable  imaging  solutions  that  increase  productivity  while  reducing  costs. 
This  enables  businesses  like  yours  to  effectively  address  critical  organizational 
goals  and  challenges. 


Mobile  Printing  Solutions  Labeling  Solutions 


Desktop  Laser  Solutions  Color  Laser  Solutions 


But  it  is  our  product  reliability,  coupled  with  a  responsive  nationwide  support 
and  service  network,  that  has  companies  like  yours  putting  Brother  at  the  top 
of  their  requisition  lists. 

Brother's  Commercial  Division  welcomes  the  opportunity  to  put  our  resources 
to  work  for  you.  Contact  us  today  so  we  can  show  you  how  we  can  positively 
impact  your  bottom  line  while  enhancing  your  performance. 


For  more  information,  call  1-866-455-7713. 


Network  Printer  Solutions 
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Fax  Solutions 


©  2005  Brother  International  Corporation,  Bridgewater,  NJ  •  Brother  Industries  Ltd.,  Nagoya,  Japan 
For  more  information  visit  our  Web  site  at  www.brother.com 
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year,  also  plans  to  reenter  the  market  with  Operton- 
based  blades  coming  soon, Sun  executives  say 

Today  customers  have  to  make  a  number  of  com¬ 
promises  when  deploying  blades,  compromises  in  I/O 
throughput  and  other  capabilities.There  also  are  some 
complexities  in  managing  blades,” says  Graham  Lovell, 
senior  director  of  x64  systems  at  Sun.“Expect  our  next 
generation  of  blades  to  remove  those  hurdles.  We  plan 
to  make  our  blades  look  more  like  standard  servers.” 

A  growing  number  of  enterprise  customers  are  find¬ 
ing  benefits  in  blade  offerings.  Aegis  Mortgage  in 
Houston,  for  example,  decided  to  standardize  on 
blades  about  a  year  and  a  half  ago  as  a  way  to  deal 
with  data  center  space  constraints. 

Initially,  there  were  some  concerns  about  heat  output 
and  whether  the  servers  could  support  the  company’s 
number-crunching  workloads. 

“We  ran  a  cook-off  test  with  IBM,  Dell  and  HRand  it 
was  obvious . . .  they  were  great  servers,” says  Art  Beane, 
IT  enterprise  architect  at  Aegis.They  performed  really 
well  with  our  application  suite.” 

Aegis  chose  HP  and  today  has  nearly  200,  mostly 
Opteron-based,  blades  with  plans  to  replace  over  time 
the  remaining  200  or  so  rack-mounted  severs  it  has. 

Key  benefits  are  the  ability  to  hot-swap  servers 
should  failures  occur  and  streamlined  management 
using  the  same  HP  tools  that  manage  rack-mounted 
systems,  Beane  says. 

Overall  Beane  estimates  that  by  using  blades,  along 
with  virtualization,  Aegis  has  slowed  its  growth  by 
about  20%, avoiding  the  need  to  build  a  new  data  cen¬ 
ter.  “Our  cost  avoidance  works  out  to  probably  a  cou¬ 
ple  million  dollars,”  he  says. 

Aegis  is  not  alone  in  seeing  real  benefits  from 
blades,  but  analysts  caution  users  shouldn’t  rush  in  to 
blade  deployments. 

“I  have  a  lot  of  disillusioned  customers  on  blades.  I 
think  blades  were  way  overhyped  in  the  last  couple  of 
years,”  says  John  Enck,  a  research  vice  president  at 
Gartner.  “Though  1  will  say  that  the  technology  being 
introduced  this  year  is  very  interesting.” 

In  fact,  analysts  note  that  business-focused  blade 
packages,  such  as  IBM’s  offerings  for  the  retail  and 
banking  industries  that  integrate  blades  with  storage 
and  networking  components,  are  making  the  systems 
more  attractive  to  users. 

Still,  there  are  downsides. The  servers  carry  a  slight 
price  premium,  so  buying  blades  won’t  make  sense 
unless  the  plan  is  to  bring  in  around  six  or  more, 
experts  say  In  addition,  while  IBM  has  opened  up  its 
BiadeCenter  specifications  in  order  to  drive  more 
third  party  products  for  its  systems,  for  the  most  part 
blades  are  proprietary 

“You  have  to  think  about  whether  you  feel  comfort¬ 
able  with  being  —  not  locked  in  —  but  having  some 
lev  el  of  greater  vendor  commitment  than  there  is  with 
rack-mount  servers,”  says  Gordon  Haff,  an  analyst  with 
llluminata. 

The  key  is  to  consider  carefully  the  cost  benefits  of 
bringing  in  the  denser  systems,  analysts  agree.  “Make 
sni'  'here  is  a  good  return  on  investment,”  Enck  says. 

There  has  to  be  a  better  reason  to  invest  in  the  form 
factor  than  just  that  it’s  neat  and  cool.” 


BY  JENNIFER  MEARS 

or  the  IT  staff  at  Bryant 

University  in  Smithfield,  R.I.,  the  focus  for 
the  last  couple  of  years  has  been  on  con¬ 
solidation.  First  on  centralizing  servers  that 
had  been  scattered  across  the  campus  into 
two  physical  locations,  then  on  using  virtu¬ 
alization  technologies  to  consolidate  things  even  more. 

“Real  estate  is  very  tough  to  come  by  on  our  campus,” 
says  Rich  Siedzik,  director  of  computer  and  telecom¬ 
munications  services  at  the  3,600-student  school.  “So 
we’re  trying  to  consolidate  and  collapse  things  now  into 
one  physical  location.  We’re  trying  to  put  them  into  a 
much  smaller  footprint.” 

To  do  that,  the  school  is  standardizing  on  IBM 
BiadeCenter  servers  —  running  IBM  Power  and  Intel 
Xeon  processors  —  and  taking  advantage  of  virtualiza¬ 
tion  technologies.  While  IBM  Power  has  virtualization 
capabilities  built  in,  Bryant  University  is  one  of  a  grow¬ 
ing  number  of  organizations  using  VMware  —  or  other 
third-party  software  —  to  virtualize  x86-based  systems. 

VMware  created  the  market  for  x86  virtualization  in 
2001,  but  industry  experts  predict  2006  is  the  year  when 
the  technology  will  finally  take  off.  For  one  thing,  Intel 
and  AMD  are  starting  to  roll  out  chips  with  virtualization 
capabilities  baked  in. 

Silicon-supported  virtualization  will  make  software 
from  VMware,  Microsoft  and  others  run  better  and  let 
those  vendors  focus  on  higher-level  management  tools. 
It  also  will  lay  the  foundation  for  virtualization  tools 
from  others.  For  example,  the  open  source  Xen  virtual¬ 
ization  technology  will  support  Linux  and  Windows 
when  it  runs  on  virtualization-enabled  processors. 

Relegated  primarily  to  test  and  development  environ¬ 
ments  as  recently  as  last  year,  virtualization  technology 
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continues  to  advance  into  production  areas.  At  Temple 
University  in  Philadelphia, Tim  O’Rourke,  vice  president 
of  computer  and  information  services,  and  Frank 
Azuola,  assistant  vice  president  of  computer  services, 
are  trying  to  simplify  their  infrastructure,  which  now 
includes  some  300  servers. 

“During  the  past  10  years  we  have  experienced  a  lot  of 
ad  hoc  growth.  We  are  now  restructuring  our  server 
environment  to  help  us  have  a  better  grip  on  future 
growth,”  Azuola  says. “We  are  now  thinking  more  about 
integration  and  simplification  than  we  ever  have 
before.” 

In  the  past,  Temple  typically  dedicated  one  physical 
server  to  each  application  or  user  group.  Today  the 
school  of  34,000  students  looks  to  run  multiple  applica¬ 
tions  on  single  physical  systems.“We  are . . .  looking  more 
into  server  virtualization,  which  we  feel  will  allow  us  to 
operate  more  efficiently  on  a  daily  basis  and  at  the 
same  time  provide  us  with  the  ability  to  adapt  and 
grow;’ Azuola  says. 

Temple  isn’t  alone.  A  recent  Forrester  survey  of  more 
than  1,200  companies  found  that  75%  of  respondents 
are  aware  of  server  virtualization,  26%  have  implement¬ 
ed  it  and  8%  plan  to  pilot  the  technology  within  the 
next  year.  Of  those  already  using  server  virtualization, 
60%  said  they  plan  to  increase  their  use,  and  39%  plan 
to  maintain  current  deployments. 

Analysts  say  that  organizations  without  a  virtualiza¬ 
tion  plan  for  their  x86  systems  will  suffer  in  the  long 
run  as  those  platforms  continue  running  at  utilization 
levels  hovering  around  10%. Mainframes  run  as  high  as 
90%  utilization  and  Unix  servers  average  around  70%, 
analysts  say. 

“What  VMware  and  other  virtualization  solutions  do  is 
they  help  push  the  x86  utilization  up  closer  to  the  Unix 
standard  —  the  70%  to  80%  range,”  says  Charles  King, 
principal  analyst  at  Pund-IT. 

For  Bryant  University,  higher  utilization  rates  mean  a 
server  architecture  that  is  more  centralized  and  easier 
to  manage.  Siedzik  says  his  maintenance  costs  have 
been  reduced  by  as  much  as  $30,000  a  year. “What  we 
used  to  run  on  five  or  six  servers,  we  now  run  on  one 
server^  he  says,  noting  that  some  75  physical  servers 
have  been  consolidated  down  to  40.“We  believe  we  can 
get  that  down  to  30,  if  not  less.” 


Rich  Siedzik,  director  of  computer  and 
telecommunications  services,  Bryant 
University,  Smithfield,  R.l. 


“BY  UTILIZING  SUNGARD  FOR  AN 


ADVANCED  RECOVERY  SOLUTION, 

I  WAS  ABLE  TO  GET  MY  COMPANY 
BACK  UP  IN  A  MAHER  OF  HOURS, 


NOT  DAYS.” 


—  Brian  Finley,  CTO 
PSS/World  Medical  Inc. 


When  it  comes  to  being 
prepared  for  unplanned  IT 
interruptions,  you  need  to 
know  your  systems  are  either  always 
available  or  can  be  quickly  recovered. 
That’s  where  SunGard’s  Information 
Availability  solutions  can  help.  We 
deliver  the  secure  data,  systems, 
networks  and  support  you  require  to 
help  your  business  stay  in  business. 
Because  your  employees,  suppliers 
and  customers  rely  on  you  to  be 
available  every  minute  of  every  day, 
you  need  continuous  access  to 
information  no  matter  what  —  you 
need  Information  Availability. 

For  over  25  years,  businesses  have 
turned  to  SunGard  to  restore  their 
systems  when  something  went  wrong. 
So,  it’s  not  surprising  that  they  now 
turn  to  us  to  give  them  options  to 
make  sure  they  never  go  down  in  the 
first  place.  Plus,  SunGard  offers 
solutions  that  let  you  remain  in  control 
of  your  IT  environment  and  enjoy  the 
flexibility  required  to  adjust  to  the 
changing  needs  of  your  business. 


SunGard  has  a  wide  range  of  solutions  to  meet  your  enterprise-wide  requirements.  Here  are  just  a  few  of  those  solutions: 

Server  Replication  solutions  allow  you  to  minimize  data  loss  and  recovery  time  for  your  Microsoft®  Windows®-based 
applications.  If  your  server  is  unavailable,  for  whatever  reason,  you  can  have  a  fast  and  easy  recovery  of  replicated  servers 
located  at  a  SunGard  facility.  When  your  applications,  such  as  databases,  e-mail  and  file  servers,  need  to  be  recovered 
in  less  than  24  hours,  Server  Replication  gives  you  data  center  redundancy  without  the  high  cost  of  building  your  own 
secondary  facility. 

E-Mail  Availability  Service  helps  companies  ensure  that  their  electronic  communications  are  readily  available  across  the 
enterprise  despite  situations  that  impact  the  availability  of  servers,  software,  work  facilities  or  staff.  SunGard’s  E-Mail 
Availability  Service  can  have  you  back  up  and  running  in  less  than  a  minute. 

Hosted  Exchange  Service  can  help  you  to  offload  the  complex  management  of  Microsoft®  Exchange®  servers,  licensing  and 
patch  management.  SunGard  customers  can  also  recognize  a  lower  total  cost  of  ownership*  for  their  e-mail  install  base. 

System  Recovery,  Mobile  Recovery,  Network  Recovery  and  End-User  Recovery  Services  help  you  get  back  up  quickly  when 

disaster  strikes. 

Your  job  is  to  keep  systems  and  applications  running.  Our  mission  is  to  keep 
people  and  information  connected.  Let’s  work  together.  To  learn  more,  contact  us 

at  1-800-468-7483  or  go  to  www.availability.sungard.com/masteria  and  get  your 

free  copy  of  the  book  “Mastering  Information  Availability.” 

•The  Radicati  Group.  Radicati  White  Paper  “Microsoft  Exchange  2003  Total  Cost  of  Ownership." 
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Will  you  still  need  me  Most  customers  are  waiting  for 

T  A  ThAn  TVy^  C^A  K^f9  64-bit  applications  to  arrive  before 
WI  ltil  1  1111  DtUU  ;  moving  beyond  32-bit  computing. 


BY  JENNIFER  MEARS 


MD  temporarily  jumped  ahead  of  Intel  in 
2003  when  it  introduced  its  32-  or  64-bit  Op- 
teron  chip, but  today  both  chip  makers  offer 
processors  capable  of  supporting  32-  and 
64-bit  applications. 

In  fact,  64-bit  capabilities  now  come  on 
x86  servers  as  a  given.  According  to  the  most  recent  num¬ 
bers  from  IDC,  spending  on  x86-64  systems  more  than 
doubled  in  the  fourth  quarter  of  2005,  compared  with  the 
same  quarter  of  2004.  Now  64-bit-capable  servers  account 
for  nearly  80%  of  the  total  spending  on  x86  platforms. 

However,  while  AMD  has  one  clear  product  line,  Intel’s 
situation  is  a  bit  murkier. 

Intel’s  original  64-bit  path  was  Itanium,  but  it  didn’t  sup¬ 
port  32-bit  workloads  without  performance  degradation. 
AMD’s  Opteron  provided  a  smoother  transition  to  the  64- 
bit  world,  supporting  32-  and  64-bit  applications  equally 
well.  Intel  responded  by  adding  64-bit  extensions  to  its  32- 
bit  Xeon  processor  in  2004. 

With  Xeon  dual-core  processors,  analysts  say  the  perfor¬ 
mance  of  Xeon  systems  will  continue  to  put  Itanium  at  a 
disadvantage.  In  a  recent  report,  Gartner  predicts  that  by 
the  end  of  2007  Intel  will  be  working  on  a  new  64-bit 
processor  that  will  follow  up  Xeon  and  Itanium. 

“The  server  market  is  moving  toward  processor  architec¬ 
tures  that  use  64-bit  computing,  but  Intel’s  current  proces¬ 
sor  strategy  does  not  properly  line  up,”  the  analysts  write, 
noting  that  Intel  provides  64-bit  extensions  to  Xeon,  but  so- 
called  EM64T  is  not  a  64-bit  processor  architecture. 

“We  expect  Intel  to  be  actively  developing  a  new  64-bit 
processor  product . . .  [that]  will  directly  replace  Pentium 
and  Xeon,  and  it  will  have  the  effect  of  further  limiting 
Itanium’s  future  market  share,”  the  report  says. 

At  the  same  time,  Gartner  analysts  say  enterprise  buyers 
should  feel  confident  investing  in  current  Xeon  systems, 
because  they  believe  “Intel  will  not  repeat  the  mistake  it 


made  with  Itanium  by  offering  a  new  processor  archi¬ 
tecture  with  poor  appeal  to  legacy  software.” 

As  for  Itanium  purchases,  the  analysts  recommend  IT 
organizations  limit  their  deployments  to  the  high-end 
and  midrange. 

64-bit  capabilities  in  search  of  an  application 

Regardless  of  Itanium’s  future,  the  use  of  64-bit  capabili¬ 
ties  on  x86  platforms  is  taking  off  slowly,  in  large  part 
because  of  the  need  to  wait  for  applications  that  can  take 
advantage  of  features  such  as  the  larger  memory  address¬ 
ability  available  with  the  systems,  analysts  say 

“Some  applications  —  such  as  databases  —  benefit 
more  than  others  [on  the  64-bit  platform]  ”  says  Gordon 
Haff,an  analyst  with  llluminata.“Primarily  it’s  a  question  of 
memory  ...  If  you  don’t  need  more  memory,  then  you’re 
not  going  to  get  a  significant  boost.” 

Analysts  agree  64-bit  databases  are  the  prime  candidate 
for  the  64-bit  side  of  the  x86  platform,  which  provides 
access  to  more  than  the  four  gigabytes  of  memory  that  is 
32-bit  systems’  limit.  At  the  same  time,  independent  soft¬ 
ware  vendors  (ISV)  continue  to  roll  out  products  that  sup¬ 
port  64-bits. Virtualization  specialists  VMware  and  SWsoft, 
for  example,  support  64-bit  operating  systems.  Windows 
and  Linux  have  64-bit  versions. 


While  virtualization  support  should  help  drive  interest, 
analysts  still  recommend  that  enterprise  users  make  the 
shift  slowly“I  tell  customers  to  look  at  the  transition  to  64- 
bit  in  the  Longhorn  time  frame,  which  for  Gartner  means 
2008,” says  John  Enck,  a  research  vice  president  at  Gartner. 

Mortgage  company  homes  in  on  64-bit 

Being  able  to  run  32-  and  64-bit  applications  on  the 
same  platform  makes  migration  easier. 

Art  Beane,  IT  enterprise  architect  at  Aegis  Mortgage,  for 
instance,  says  part  of  the  reason  the  Houston  company 
chose  Opteron-based  blade  servers  was  that  the  platform 
provided  an  easy  path  to  64-bit  computing. 

“When  we  bring  in  a  server  platform,  we  know  it’s  going 
to  have  to  last  us  four  years  or  so,  and  we  have  to  say 
‘What  is  the  environment  going  to  look  like  in  four 
years?”’  he  says. 

While  the  ISVs  that  provide  Aegis  its  loan-processing 
applications  are  not  yet  supporting  64-bit  platforms,  “we 
want  to  be  ready  for  it  when  it  happens,”  Beane  says.  In 
addition, Aegis  already  is  looking  at  moving  databases  that 
are  hitting  32-bit  memory  limits  to  64-bit  environments. 

“After  we  started  down  this  road,  the  CIO  came  over  and 
asked  us, ‘What  is  it  going  to  cost  us  if  we  have  to  switch  to 
64-bit?’ And, of  course, the  answer  is, ‘Nothing, ’’’Beane  says. 


x86  Server  revenue  on  the  rise 

Gartner  is  predicting  that  x86-based  server  revenue  will  continue  to  ramp  up. 
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Vendors  are  pushing  the  multicore  envelope. 

Core  competency 


BY  JENNIFER  MEARS 

Cr  ustomer  life-cycle  manage 

ment  firm  Parago  was  growing  so  fast  it  was 
running  out  of  space  in  its  data  center. 

“We  were  getting  close  to  being  maxed 
out.  Maxed  out  on  power,  maxed  out  on 
—  heat  and  maxed  out  on  pure  U  [rack 
space],’ says  Michael  Minichino, director  of  infrastructure 


at  the  Dallas  company  But  Parago  solved  its  problem  by 
bringing  in  new  multicore  systems  from  Sun. 

The  Sun  Fire  T2000,  code-named  Niagara,  is  built  on 
Sun’s  next-generation  UltraSPARC  T1  chip,  which  has  eight 
processing  cores  on  a  single  piece  of  silicon. The  server, 
made  generally  available  last  December, is  geared  for  mul¬ 
tithreaded  Web  applications  such  as  the  Java-based  soft¬ 


ware  run  at  Parago. 

“By  consolidating  on  theT2000  servers,  I  was  able  to  free 
up  a  tremendous  amount  of  space  that  eliminated  the 
need  for  me  to  go  back  to  my  [collocation  facility]  and 
do  any  sort  of  space  or  power  expansion. So  that’s  savings 
right  there,”  Minichino  says.“Looking  at  racks  that  are  allo¬ 
cated  for  servers,  I  got  half  of  that  space  back.and  in  many 
cases  we  saw  significant  performance  improvements. One 
application  improved  by  400%.” 

The  Niagara  systems  are  just  the  latest  example  of  the 
industry’s  move  toward  multicore  processors  as  a  way  to 
ramp  up  computing  power  without  getting  bogged  down 
by  the  heat  and  power  issues  that  come  with  boosting 
processor  clock  speeds. 

Instead  of  increasing  gigahertz,  multicore  chips  cram 
multiple  processing  engines  on  a  single  piece  of  sili- 
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con.  That  lets  more  work  be 
done  at  lower  clock  speeds,  with 
less  heat  output  and  lower 
power  demands.  It  also  means 
more  power  in  fewer  systems, 
resulting  in  streamlined  man¬ 
agement  and  reduced  cabling, 
early  adopters  say. 

IBM’s  Power  processor  has  been 
dual-core  since  2001, and  Sun  and 
HP  introduced  their  first  dual-core 
RISC  processors  in  2004.  Intel  and 
AMD  moved  industry-standard 
servers  into  the  multicore  arena 
last  year,  when  they  introduced 
their  dual-core  processors.  Sun’s 
Niagara  servers  take  the  multicore 
story  further. 

Smaller  companies  such  as  Azul 
Systems  are  designing  their  own 
multicore  chips. Azul’s  appliances, 
focused  on  taking  the  compute¬ 
intensive  load  off  application 
servers,  are  built  on  custom  sili¬ 
con,  with  24  cores  on  a  single 
chip.  It  plans  to  roll  out  a  second- 
generation  processor  with  48 
cores  next  year,  just  an  illustration 
of  the  extent  to  which  multicore 
platforms  can  go. 

The  multicore  processors  are 
multithreaded,  meaning  they  can 
handle  multiple  application 
instructions  at  a  single  time,  a 
nice  platform  for  multithreaded 
applications  such  as  those  writ¬ 
ten  in  Java.  Analysts  say  most 
applications  today  are  multi¬ 
threaded,  so  users  should  see  a 
significant  performance  boost 
with  the  new  multicore  servers. 
Some,  mostly  in-house  applica¬ 
tions,  however,  are  not  multi¬ 
threaded,  so  users  should  look 
carefully  at  their  software  before 
moving  to  dual-core  platforms, 
analysts  say. 

“Asking  whether  you  should  be 
considering  dual-core  chips  is  like 
asking  if  you  should  be  consider¬ 
ing  higher-frequency  processors,” 
says  Gordon  Haff,  an  analyst  at 
llluminata.“But  one  area  where  it 
will  make  a  difference  is  in  the 
short  term  where  you  still  have 
product  lines  in  which  single-core 
processors  are  running  at  some¬ 
what  higher  frequency  than  dual¬ 
core  processors.” 

Applications  getting  a  bigger 
boost  from  higher  frequencies 
should  stay  on  those  faster,  sin¬ 
gle-core  processors  for  the  near 
future.  Ultimately,  however,  all 
applications  should  be  written 
to  take  advantage  of  multicore, 
multithreaded  platforms,  ana¬ 
lysts  say. 

“When  you’re  talking  about 


dual-core  and  multicore  systems, 
it’s  an  academic  conversation, 
because  you’re  going  to  have  to 
buy  them,”  says  John  Enck,  a 
research  vice  president  at 
Gartner.  “The  question  is  when  to 
bring  them  in.” 

Enck  says  enterprises  need  not 


be  in  a  rush,  but  should  bring  in 
the  dual-core  systems  as  they 
do  their  scheduled  hardware  up¬ 
grades. 

Interest  in  multicore  servers  is 
growing,  and  Gartner  expects  the 
various  multicore  approaches  to 
be  a  differentiator  among  server 


vendors  by  next  year.  At  the  same 
time,  hurdles  remain,  not  the  least 
of  which  is  the  question  of  how 
software  will  be  licensed:  The 
definition  of  a  CPU  is  altered 
when  multiple  processing  units 
fit  into  a  single  CPU  socket. 

Independent  software  vendors 


have  made  some  progress  during 
the  past  year  or  so,  opting  to 
charge  per  socket  —  which  Micro¬ 
soft  and  VMware  are  doing  —  or 
charge  a  small  premium  for  multi¬ 
core  systems.  Once  that  issue  is 
ironed  out,  analysts  expect  to  see 
broader  adoption.  ■ 


Introducing  the  Wi-Jack  Duo',"  the  world's  smallest, 
thinnest  802.11  a/b/g  wireless  access  point.  Its 
centrally  managed  thin  AP  technology  means  better 
security  and  easier  management.  The  sleek  design 
fits  unobtrusively  into  a  standard  wall  box  and 
supports  an  optional  network  port.  Thin  is  in  for  higher 
performance  in  wireless  network  performance. 

Get  the  story  on  why  the  Wi-Jack  Duo  is  the  perfect 
wireless  solution  by  calling  800-934-5432  or  visiting 

www.ortronics.com/wi-jack 

«  EXPERTISE.  TECHNOLOGY.  SOLUTIONS. 
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BUSINESS  JUSTIFICATION 


TD  Ameritrade’s  CIO  talks  of  melding  technology  and  talent  after  a  blockbuster  acquisition. 


it  integration 


BY  JERRY  BARTLETT 


ergers,  acquisitions  and  especially  integra¬ 
tions  have  been  a  way  of  life  at  TD  Ameritrade 
Holding  Corporation,  the  company  I  have 
called  home  for  nearly  seven  years.  From  2001  to  2005 
we  took  on  seven  integrations,  and  we  were  successful 
each  time.  Last  January  we  closed  on  the  largest  deal 
in  the  history  of  our  industry  when  we  acquired  the 
U.S.  brokerage  operations  of  TD  Waterhouse  from 
Toronto  Dominion  Bank.  Our  approach  to  the  integra¬ 
tion  process  after  a  merger  has  become  standardized, 
but  each  deal  brings  its  own  set  of  challenges. 


Technology  is  absolutely  critical  to  how 
we  integrate  business.  We  promise  our 
clients  an  intuitive,  secure  and  dependable 
experience,  whether  they  want  service 
online  (as  most  of  them  do),  over  the 
phone  or  in  one  of  our  100  branches.  Our 
clients,  who  hold  more  than  six  million 
accounts  totaling  more  than  $265  billion  in 
assets,  depend  on  us  to  deliver  a  platform 
that  justifies  their  confidence  in  making 
independent-minded  financial  decisions. 

In  conducting  due  diligence  on  TD  Water- 
house,  we  realized  our  organizations  were 
quite  similar  in  culture  and  philosophy. 
Each  group  also  had  a  number  of  strengths 
to  consider.  Ameritrade  was  committed  to 
an  aggressive,  10-  to  12-week  product  cycle, 
while  TD  Waterhouse  had  the  advantage  in 
developing  advanced  tools  that  support 
operational  excellence. 

The  due-diligence  exercise  gave  us  an 
idea  of  what  the  structure  of  the  new  orga¬ 
nization  would  look  like.  More  important, 
it  helped  us  establish  organizational 
guidelines  —  manager-to-staff  ratios, 
seniority  mix  and  overall  size,  for  example 
—  that  would  help  us  make  our  personnel 
decisions.  Because  we  made  all  of  the  sys¬ 
tems  decisions  before  the  acquisition’s 
close,  we  had  the  resources  to  focus  on  a 
bigger  challenge:  ensuring  the  success  of 


our  personnel  and  cultural  integration. 
Taking  care  of  our  people  is  a  top  priority, 
whether  or  not  they  are  going  to  be  with 
us  at  the  end  of  the  day. 

We  tackled  this  challenge  according  to 
what  we  call  our  Integration  Principles.The 
first  is  fact-based  decision  making. 
Decisions  must  be  transparent  and  objec¬ 
tive  so  everyone  understands  the  biggest 
questions:  why  and  how.  We  follow  a  strict 
process  of  developing  measurement  crite¬ 
ria,  gathering  data  and  making  decisions 
based  solely  on  our  research. 

Key  is  making  human  resources  a  part¬ 
ner,  not  a  barrier.  One  of  the  things  we’ve 
learned  is  the  importance  of  determining 
who  has  the  ultimate  authority  to  make 
hard  decisions  and  communicate  them  to 
our  people.  When  working  with  two  HR 
groups,  each  with  its  own  procedures, 
identifying  a  project  lead  or  a  committee 
comprising  folks  from  both  sides  helps 
minimize  unnecessary  debate,  and  en¬ 
sures  that  decisions  are  made  and  com¬ 
municated  efficiently. 

Our  second  principle  is  managing  people 
with  respect.  We  make  a  conscientious 
effort  to  treat  everyone  fairly  Early  on  we 
started  delivering  weekly  communications, 
explaining  our  decision-making  processes 
and  providing  status  updates  and  check- 


Jerry  Bartlett,  TD  Ameritrade  CIO,  says, 
“Having  an  open-door  communications  policy 
helps  put  people  at  ease  and  diminishes  lev¬ 
els  of  uncertainty  in  times  of  change.” 

points.  Building  credibility  with  the  staff  of 
the  acquired  company  was  a  crucial  step. 

Within  30  to  45  days  after  announcing 
the  acquisition  last  June,  I  was  hosting 
small  meetings  with  TD  Waterhouse  tech¬ 
nology  associates  to  help  them  under¬ 
stand  our  philosophy  and  processes  relat¬ 
ed  to  the  integration.  I  explained  our  com¬ 
mitment  to  people,  and  associates  could 
ask  questions,  air  concerns  and  receive 
candid  feedback.  Having  an  open-door 
communications  policy  helps  put  people 
at  ease  and  diminishes  levels  of  uncer¬ 
tainty  in  times  of  change. 

When  people  lose  interest  in  their  work, 
things  fall  through  the  cracks,  endangering 
the  organization’s  success.  Although  we  are 
focused  on  the  integration,  we  still  have  a 
number  of  other  initiatives  to  deliver  on: 
caring  for  our  clients,  developing  new  prod¬ 
ucts  and  ensuring  our  work  behind  the 
scenes  has  no  impact  on  the  business’s 
daily  operations.  So  we  work  diligently  to 
help  our  people  stay  focused  and  on  task, 
reminding  them  never  to  jump  to  prema¬ 
ture  conclusions.  The  worst  thing  that  can 
happen,  whether  or  not  you  are  in  the  mid¬ 
dle  of  integrating,  is  discovering  your  peo¬ 
ple  are  disengaged. 

The  challenge  is  that  you  never  know 
what  will  trigger  disengagement,  nor  do 
you  know  who  will  be  affected.  We  had  an 


individual  who  was  prepared  to  resign 
because  he  could  not  deal  with  the 
uncertainty  of  the  selection  process.  This 
was  an  individual  whom  technology  man¬ 
agement  acknowledged  as  one  of  our  top 
performers.  We  had  no  way  to  predict  his 
reaction,  but  we  were  ready  to  address  his 
concerns.  Through  communication  and 
extra  attention,  we  were  able  to  reassure 
this  individual  TD  Ameritrade  was  a  place 
that  needed  him  and  would  continue  to 
challenge  him  professionally 

We  started  the  integration  with  a  com¬ 
bined  team  of  about  800,  and  we  expect 
that  number  to  decrease  by  one-third.  We 
also  are  in  transition  from  four  data  centers 
to  two,  keeping  the  legacy  Ameritrade  facil¬ 
ities  in  Kansas  City,  Mo.,  and  Secaucus,  N.J. 
On  April  24  our  units  merged  to  form  one 
broker-dealer,  TD  Ameritrade,  which 
marked  the  beginning  of  the  technological 
integration  that  will  culminate  with  all 
client  information  being  integrated  in  one 
Web  site  early  next  year. 

Now  we  are  focused  on  building  our  cul¬ 
ture.  I  still  meet  with  associates  regularly 
and  we  have  hosted  a  number  of  team¬ 
building  exercises.  We  also  insist  that  our 
people  participate  in  professional  and  lead¬ 
ership  development  training.  They  are 
thrilled  to  be  a  part  of  something  special. 

Don’t  get  me  wrong;  we  still  have  a  lot  of 
work  to  do  in  building  a  cohesive  team. 
Some  people  in  our  organization  today  are 
here  indefinitely  while  others  are  here  only 
temporarily,  yet  we  make  no  distinctions 
between  these  groups.  We  continue  to 
focus  on  employee  wellness  and  team¬ 
building,  and  we  communicate  every 
chance  we  get.  At  the  end  of  the  day,  it  is  our 
people  who  matter  the  most.  The  rest  will 
fall  into  place. 

Bartlett  is  CIO  of  TD  Ameritrade.  He  can 
be  reached  at  jerryb@tdameritrade.com. 
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Bartlett  talks  about  his  company’s  tape  encryption 
efforts. 
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AAA  East  Central  Advances  Troubleshooting  with  Observer 


Although  advanced  network 
troubleshooting  tools  are  readily 
available,  many  IT  professionals 
continue  to  take  the  old  "trial  and 
error"  approach  to  solve  problems. 
This  is  bad  for  users,  customers,  and 
the  bottom  line.  The  American 
Automobile  Association  (AAA)  East 
Central  shows  how  following  a 
proven  troubleshooting  methodology 
translates  into  cost  savings  (ana 
happier  users  and  customers). 

To  get  better  coverage  for  the  entire 
network  and  still  stay  within  budget, 
AAA  East  Central  CIO  Portia  Ulinski 
deployed  Network  Instruments' 
Observer®  Suite  along  with  60  probes 
across  the  entire  network  infrastructure. 

"We  realized  how  important 
it  was  to  monitor  all  network 
communication  at  the  time  destructive 
viruses  such  as  sobig  and  mydoom 
were  hitting  companies  around  the 
world,"  Ulinski  said.  "With  Observer, 
we  can  see  problems  as  they  emerge 
and  eliminate  them  before  they 


have  a  chance  to  affect  the  network." 

Knowing  what  device  is  causing  an 
unusual  amount  of  activity  can  be  the 
key  factor  in  resolving  a  situation. 


Observer's  Top  Talkers  feature  shows 
the  current  activity  for  every  device  on 
the  network  in  real  time. 

"We  consistently  use  Top  Talkers  to 
track  the  total  amount  of  stats  for  each 
office  to  see  if  there  is  any  unusual 
activity,"  said  Coleman  Jennings, 
senior  network  engineer.  "It's  a  big 
problem  when  a  device  other  than 
servers,  routers  or  anyone  in  the  IT 
department  ranks  high  on  Top  Talkers." 

There  could  be  a  number  of  reasons 


someone  tops  the  list.  In  one  case, 
Jennings  identified  an  end  user 
transferring  a  large  number  of  files  to  a 
server.  He  investigated  further  and 


Portia  Ulinski,  CIO,  AAA 

discovered  that  an  employee  was 
backing  an  entire  hard  drive  to 
that  server. 

"Through  Top  Talkers  I  was  able  to 
track  down  the  person  who  was 
transferring  all  that  data"  Jennings  said. 
"Had  I  not  stopped  that  person,  all  the 
activity  would  have  overloaded 
the  system." 

On  another  day,  an  application 
responsible  for  providing  Emergency 
Road  Service  stalled.  Without  that 


application,  services  get  delayed, 
which  can  leave  customers  stranded  at 
the  roadside  for  an  extended  period 
waiting  for  help.  Jennings  drilled  down 
with  Observer's  Connection  Dynamics 
for  a  packet-by-packet  display  of  the 
application's  communication  with 
each  client. 

"The  time  analysis  clearly  showed 
there  was  a  problem  with  the 
application,  which  I  was  able 
to  immediately  address-restoring 
full  service  to  our  customers," 
Jennings  said. 

Observer  monitors  network 
communication  around  the  clock  to 
ensure  that  AAA  East  Central 
constantly  receives  the  information 
resources  needed. 

"Observer  is  like  having  an 
employee  on  site  at  all  hours  to 
manage  the  network,"  Ulinski  said. 
"We've  been  very  satisfied  with  its 
capabilities.  So  far  Observer  has 
prevented  us  from  experiencing  any 
downtime." 


“Observer  is  like  having  an  employee 
on  site  at  all  hours  to  manage  the 
network,  we’ve  been  very  satisfied 
with  its  capabilities.” 


Observer  is  the  only  fully  distributed  network  analyzer  built  to  monitor  the  entire  network  (LAN,  802.1 1  a/b/g,  Gigabit,  WAN). 
Download  a  free  Observer  1 1  demonstration  today.  Visit  www.networkinstruments.com/analyze  to  learn  more. 

US  &  Canada  toll  free  800-526-5958  fax  952-358-3801  UK  &  Europe  +44(0)  1959  569880 
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No  software  licensing  fees,  Secure  your  Data  Center, 
Manage  remote  offices  from  wherever  you  are. 

State  of  the  art  security 
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^  _  Dependable,  Powerful,  Secure,  Guaranteed 

—  24/7  Mission  Critical  Reliability 

Industry  Best  Video  Resolution 

::  UltraLink™  uSB  ps,2,  ser.a,  supper* 

Single,  Dual,  Quad  Models  U™,  '  h 
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::  Ultra  Matrix™ 

Remote 


::  Crystal  View™ 


::  RackView™  Sun 


::  RackView™ 


control  up  to  1,000  computers  and 
network  devices  over  IP 
State  of  the  art  security 
High  resolution 
On-screen  menu 
USB/ PS2 
Serial  Access 


control  up  to  1,000  computers  and 
network  devices 
Security  system 
High  resolution 
On-screen  menu 
Multi-platform  /  Serial  Support 


Extends  keyboard,  video,  and 
mouse  signals  up  to  33,000  feet 
Fiber  /  CATx 
DVI/ VGA 
PS2  /  USB 
High  resolutions 


Rack  Drawer  KVM,  1U  or  2U 
15",  17"  or  20",  VGA 
PS/2  or  USB 
Touchpad  or  Trackball 
TFT  Optional  Touchscreen 
W/  KVM  Switch 


Panel  Mount  LCD 
15",  17",  19",  or  20" 

VGA  /  (DVI  /  S-VIdeo  19"  only) 
TFT  Optional  Touchscreen 
W/  Extenders 


ROSE  US 
ROSE  EUROPE 
ROSE  ASIA 
ROSE  AUSTRALIA 


281  933  7673 
+44  (0)  1264  85057 
+65  6324  2322 
+617  3388  1540 


www.rose.com 

281  933  7673  800  333  9343 

ROSE  ELECTONICS  10707  STANCH FF  HOUSTON,  TEXAS  77099 
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Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a  single  index 
and  returns  results  in  less  than  a  second”  —  infoWorid 

♦  over  two  dozen  indexed,  unindexed,  fielded  data  and  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  and  PDF,  while  displaying  links,  formatting  and- 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet,  email  and 
attachments,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 

♦  Spider  supports  static  and  dynamic  Web  content,  with  WYSWYG  hit-highlighting 

♦  optional  API  for  C++,  .NET,  Java,  SQL,  etc.  Ask  about  new  .NET  Spider  API 


dtSearch  vs.  the  competition: 

dtSearch  easily  overpowered  the 
document  indexing  and  searching 
abilities  of  other  solutions,  especially 
against  large  volumes  of  documents” 

Reliability:  “dtSearch  got  the  highest 
marks  from  our  systems  engineering 
folks  that  I've  ever  heard  of” 

Results:  “customer  response  has  been 
phenomenal” 

For  hundreds  more  reviews  and  developer 
case  studies,  see  www.dtsearch.com 

Contact  dtSearch  for  fully-functional 
evaluations 

The  Smart  Choice  for  Text  Retrieval®  since  1991 


‘For  combing  through  large  amounts  of 
data,  dtSearch  ...  leads  the  market” 

—  Network  Computing 

‘Blindingly  fast”  — Computer  Forensics: 
incident  Response  Essentials 

‘Super  fast,  super-reliable” 

— -  The  Wall  Street  Journal 

‘A  powerful  arsenal  of  search  tools” 

—  The  New  York  Times 

‘Powerful  Web-based  engines”  —  eWeek 
‘Blazing  speeds” 

—  Computer  Reseller  News  Test  Center 

‘The  most  powerful  document  search  tool 
on  the  market”  —  Wired  Magazine 


'com 


The  Truth  about  Secure-Out-Of-Band 


Terminal  server  vendors,  who  proclaim  that 
they  have  Secure  Out  Of  Band  products,  rely 
on  RADIOS,  TACACS+-  and  other  in  band 
protocols  to  provide  security.  By  inference, 
they  imply  they  secure  out  of  band  access 
when,  in  fact,  they  offer  only  network  security, 
which  conflicts  with  out  of  band  access. 

A  true  Secure  Out  of  Band  Management 
solution  should  provide  strong  security  without 
reliance  upon  network-based  protocols. 
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CD!  offers: 

®  Hardware  encryption  over  dial-up 
and  network  connections 

•  RSA  certified  SecurlD  authentication 
without  a  network. 

•  Patented  central  management  of  all 
remote  devices 


Full  NIST,  FIPS  140-2  certifications  e-n 

Remote  Power  control  e-n 

Homologous  world-wide  approved  •-ri 
internal  modems 


CDI  has  been  building  encryption  equipment  for  over  fifteen  years.  Our  customers  and  partners  include 
major  financial  institutions,  government  agencies,  major  telcos,  utilities,  and  the  United  States  military. 


ii  Communication  Devices  Inc. 
www.outofbandmanagement.com 
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Yellowjacket@  Hive 
Software 

Site  Initiator/Supervisor/ 
Investigator  indoor/outdoor 
mapping  W-LAN  coverage 
5.  solution 


Berkeley  Varitronics  Systems  Metuchm.  NJ  08840 
(732)  548-3737  www.bvsystems.com 


Shown  with 
optional 
Direction 
Finder 


yeuowMCkn 

802.1  Ibg  W-LAN  ANALYZER 

>  2.4  GHz  (802.11b  &  g)  SPECTRUM  ANALYSIS 

>-  Locate  hackers  and  rogue  AP’s 
>■  Pinpoint  specific  interference  sources 
>•  Install  &  secure  Wi-FI  networks 


Yellowjacket® 
Hive  screen 
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Monitor  the  REST  of  your  Computer  Room! 


Water  on  the  Floor 

Temperature 

Power  Problems 

Security 

Smoke  and  Fire 

Humidity 

Video 

And  much  more 


Sends  Monitors  Embedded 

SNMP  64  Web 

Messages  IP  addresses  Server 
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Dealers  Wanted 


Power  Ethernet 
Control  Port 
Interface 


Internal  Voice, 
Modem 
&  Pager  Port 


Sensor  Inputs 

(Temperature,  Humidity, 
Water,  Motion,  Power, 
Smoke/Fire) 

Expandable 
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TAP  Into  Your  Network 


Only  a  TAP  can  provide  a  complete  copy  of  data  from  full-duplex  links  at  line  rate  for 
monitoring  devices.  Without  a  TAP,  a  monitoring  device  may  be  fed  incomplete  and 
misleading  information-creating  false  positives  and  overlooking  network  problems 
that  actually  do  exist.  Visit  www.networkTAPs.com/visibility  today. 


CT> 


Copper  nTAPs 

10/100 . $395 

10/100/1000 . .S99S.....$795 


Copper  to  Optical 
Conversion  nTAPs 

SX  or  LX . 


$1,495 


Optical  nTAPs 

One-Channel . $39?  ....$295 

Two-Channel . 579tf  ....$575 

Three-Channel .... $LT8!>  ....$845 


To  learn  more  about  how  nTAPs  can  boost  your  network  visibility,  which  configuration  option 
is  best  for  you,  and  to  check  out  new  pricing  go  to  www.networkTAPs.com/visibility 
or  call  866-GET-nTAP  today.  Free  overnight  delivery* 


P£  C€ 


*Free  overnight  delivery  on  all  U.S.  orders  over  $295  confirmed  before  12  p.m.  Central  Time. 
nTAP  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC. 
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France  Telecom  Long  Distance  USA  (Herndon,  VA)  seeks  Senior  Engineer  respon¬ 
sible  for  implementations  of  large,  strategic,  global  peering  network  interconnections 
with  France  Telecom's  IP  core  networks  in  the  Americas  including  feasibility  study, 
cost  management,  interconnection  upgrades  and  downgrades.  Responsible  for 
IP-Network  migration  projects  including  backbone  architecture  proposals.  Provide 
engineering  solutions  including  network  configuration  solutions  involving  BGP. 
Contribute  to  budget  evaluation  of  site  redesign,  field  services  ordering,  traffic  growth 
forecasting,  billing  validations  and  resolving  billing  disputes.  Responsible  for  IS 
proposals  and  new  process  presentations  for  solving  discrepancies  and  evaluating 
scope  of  activities  assigned  to  different  operational  teams.  Follow  up  on  internet 
traffic  flow  monitoring  to  ensure  equitable,  bilateral  traffic  exchange  between  France 
Telecom  and  peering  partners.  Must  have  a  Master’s  degree  or  foreign  equivalent  in 
engineering,  mathematics,  telecommunications  or  a  directly  related  field  and  at  least 
1  year  of  experience  in  global  telecommunications  network  engineering.  Prior 
experience  must  include  global  peering  network  interconnection  implementation, 
network  configuration  using  BGP,  and  monitoring  of  internet  traffic  flows.  Please  fax 
resume  to  703-925-4716  Attn  Job  Code  NW0506AL 


ONE  PHONE  SYSTEM 

for  many  branch  offices 

md  <ommuni<ations 

A  Citel  Company 

MCK  EXTenders 

New,  Refurb, 
Installation,  Support 


Fluke  Networks  (Visual  Networks) 
in  Rockville,  MD  seeks  a  qualified 
Build  Engineer.  Requires  BS  in 
CS,  EE,  or  foreign  degree  equiva¬ 
lent;  3  years  assessing  new 
software  releases  through  experi¬ 
mentation  prototyping  and  review¬ 
ing  docs  and  online  resources;  2 
years  managing  Windows-based 
servers  and  PCs;  and  2  years 
programming  in  Perl,  InstallShield, 
Java,  and  C++.  Experience  may 
be  gained  concurrently. 

Apply  at  www.flukenetworks.com 


Customer  Service  Manager-France  Telecom  Long  Distance  (Herndon,  VA)  to  provide 
global  telecom,  post-sales  operational  support  to  telecom  carriers  on  a  portfolio  of 
voice  and  data  products  and  services.  Facilitate  the  resolution  of  trouble  reports  and 
suggest  and  implement  improvements/enhancements  to  products  and  services 
involving  Nortel  and  Ericsson  voice  switches,  Voice  Over  Internet  Protocol  (VOIP), 
and  transmission  networks.  Educate  customers  on  product  service  guidelines  and 
trouble  reporting.  Monitor  service  level  agreement  (SLA)  achievements  and  work  with 
Operations  and  customers  to  improve  performance.  Provide  explanations  for 
outages,  SLA  credit  calculations,  OTI  utilization  reports,  ASR  reports  and  other 
service  related  reports.  Interface  with  customers,  Sales  and  internal  organizations  in 
France  to  ensure  customer  satisfaction  with  service  and  provide  corrective  actions. 
Provide  technical  pre-sales  support  to  Sales  team  in  order  to  win  new  accounts  and 
expand  existing  accounts.  Must  have  Bach  deg  or  foreign  equiv  in  Telecom,  CS  or 
Eng'g  &  at  least  5  yrs  progressively  responsible,  post-baccalaureate  experience  in 
telecom  technical  support.  Prior  experience  must  include  global  telecom,  customer-  I 
facing  technical  support  for  Nortel  &  Ericsson  voice  switches,  Voice  Over  Internet 
Protocol  (VOIP),  &  transmission  networks.  Must  speak,  write  &  read  English  & 

French  fluently.  Please  fax  resume  to  703-925-4716  attn:  job  code  NW0506JS.  ! 
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Healthcare 
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technology  from  PassFaces. 

Healthcare  providers,  not  often 
viewed  as  IT  innovators,  are  be¬ 
coming  increasingly  aggressive 
and  creative  about  network  secu¬ 
rity  Their  efforts  go  hand  in  hand 
with  regulatory  requirements  to 
safeguard  patient  data,  and  rec¬ 
ognize  that  wireless  and  other 
technologies  fit  the  mobile  jobs 
of  doctors  and  nurses. 

Kettering  Medical  Center  Net¬ 
work  in  Dayton,  Ohio,  has  em¬ 
braced  wireless  for  staff  and 
patients.lt  is  adopting  fingerprint 
biometrics  to  secure  patient  data. 


At  Italian  hospital  Maggiore, 
Tiomed's  Palmed  device  is  used  to 
read  the  car  code  of  a  test  tube. 


The  organization,  which 
includes  five  major  hospitals  and 
numerous  smaller  facilities  for  a 
total  of  about  7,000  employees, 
last  month  began  installing  Cisco- 
based  wireless  LAN  (WLAN) 
technology  The  rollout  will  pro¬ 
vide  nurses  and  doctors  with  lap¬ 
tops  on  carts  and  mounted  on 
walls  that  will  require  fingerprint 
biometrics  for  authentication  for 
access  to  patient  data. 

The  Centillion  single-sign-on 
software  used  for  the  project  will 


let  authorized  staff  bring  up  elec¬ 
tronic  records  from  where  they’re 
stored  in  Ketterings  primary  data 
center,  says  Bob  Burritt,  director 
of  technology 

Once  the  network  is  up,  Ketter¬ 
ing  will  provide  wireless  hot 
spots  for  patients  seeking 
Internet  access. 

Memorial  Healthcare,  a  1,000- 
employee  hospital  in  Owosso, 
Mich., is  a  few  steps  ahead.  It 
already  has  a  segmented  WLAN 
for  use  by  patients  and  staff. The 
hospital  also  has  put  about  100 
computers  in  hospital  rooms  for 
use  by  staff  caring  for  patients. 
The  latest  round  of  innovation  at 
Memorial  came  in  January  when 
nurses  were  given  RFID-based 
badges  to  wear  that  automatically 
lock  computers  when  they  walk 
away  from  them.  (Read  about 
how  another  hospital  is  using 
RFID  to  safeguard  blood  transfu¬ 
sions,  above.) 

“There’s  now  a  USB  antenna  in 
the  computer,  and  they  walk  a 
certain  distance,  it  locks,”  says 
Project  Manager  Frank  Fear,  citing 
Memorial’s  use  of  software  from 
Ensure  Technologies. 

Hospital  staff  have  to  authenti¬ 
cate  with  a  fingerprint  biometric 
to  gain  access  to  computers.To 
simplify  electronic-records 
access  for  the  nurses,  Memorial, 
with  help  from  Citrix  and  single 
sign-on  firm  Imprivata,  added  a 
way  to  have  the  nurses’  electronic 
patient  records  roam  with  them 
from  room  to  room. 

“Before,  they  had  to  go  pull  up 
each  patient’s  record  from  sever¬ 
al  databases  each  time  they 
entered  a  new  patient  room,”  Fear 
says.“Our  philosophy  in  this  pro- 
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Hospital  finds  a  bloody  good  RFID  application 


RFID  tags  and  readers  most  commonly  are 
associated  with  tracking  goods  in  manufac 
turing  and  warehousing,  but  hospitals  are 
starting  to  apply  RFID  for  a  new  purpose:  track¬ 
ing  blood. 

At  Italian  hospital  Ospedale  Maggiore  in 
Bologna,  Dr.  Daniele  Luppi  says  patients  last 
month  began  wearing  RFID-based  wristbands, 
each  containing  a  unique  alphanumeric  code. 

"A  similar  RFID  module  embedded  in  adhesive 
labels  is  used  for  identifying  the  request  form  for 
blood  units  and  operators,"  the  transfusion  spe¬ 
cialist  says. 

A  pocket-based  computer  called  the  Palmed, 
an  RFID  reader  that  can  be  used  only  after  a  fin¬ 
gerprint-based  biometric  authentication  is  com¬ 
pleted,  can  read  the  identifications  of  the  patient 
and  the  blood  unit  being  used  in  any  transfusion. 

If  the  unique  identifiers  on  the  patient  and  the 
blood  unit  are  a  match,  a  wireless  electronic  seal 


on  the  blood  unit  is  released,  permitting  the 
transfusion  to  occur.  The  check  for  the  correct 
match  is  made  through  a  server  running  soft¬ 
ware  from  Italian  firmTiomed,  which  designed 
the  system  for  the  hospital  using  RFID  technolo¬ 
gy  from  U.S. -based  SkyeTek. 

Using  RFID  as  a  fail-safe  mechanism  in  blood 
transfusion  improves  security  because  in  the 
past,  accuracy  has  always  relied  on  "the  atten¬ 
tion  of  the  operator,”  Luppi  says.  "Human  atten¬ 
tion  does  not  remain  constant  over  time."  The 
RFID-based  mechanism  prevents  human  error 
that  can  turn  into  "serious  incidents,"  she  says. 

Sonia  Rubertelli,  operations  manager  atTiorned, 
says  European  laws  require  the  tracking  of  blood 
transfusions  from  donor  and  blood  bank  to 
patient,  and  the  Tiomed's  RFID-based  transfusion 
safety  system  also  helps  in  automating  informa¬ 
tion  related  to  tracking  the  blood  supply. 

—  Ellen  Messmer 


ject  is  security  needs  to  be  cou¬ 
pled  with  convenience.” 

One  challenge  Memorial  has 
encountered  in  using  the  radio 
frequency-based  proximity 
badges  is  that  nurses  easily  adapt 
to  them,  but  physicians  find  it 
harder  because  their  schedules 
more  frequently  have  them  on 
the  go  outside  the  hospital. 

New  York  Presbyterian  Hospital 
also  is  taking  IT  security  seriously 
adopting  the  sort  of  network  ac¬ 
cess  control  technology  that 
many  organizations  are  still  only 


thinking  about  using. 

New  York  Presbyterian  has  a 
system  that  includes  8,000  asso¬ 
ciated  physicians  and  14,000 
other  network  users  who  can 
access  records  in  databases  in 
a  mid-town  data  center  con¬ 
necting  the  organization’s  two 
main  hospitals  via  private-line 
dark  fiber  in  Manhattan  and 
the  Bronx. 

Earlier  this  year  New  York 
Presbyterian  deployed  appli¬ 
ances  from  start-up  Counter- 
Storm  that  plug  into  a  switch  to 


monitor  traffic  and  shut  down 
port  access  to  infected  machines. 
The  appliances  use  anomaly 
detection  rather  than  signature- 
based  recognition  to  spot  in¬ 
fected  machines  or  attacks  and 
shut  off  access  to  ports. 

“We  wanted  to  move  to  the  pre¬ 
vention  side,”  says  Soumitra 
Sengupta,  information  security 
officer  at  the  hospital.“We  had 
been  using  intrusion-detection 
systems  but  we  were  getting  a 
large  amount  of  fake  positives  in 
terms  of  alerts.”  ■ 


VoIP 

continued  from  page  10 

with  minimal  risk  of  discover/  the  report  says. 

If  misused,  the  technology  could  yield  identity 
information  about  individuals  as  well  as  passwords, 
according  to  the  report. 

The  safest  way  to  avoid  traffic  being  compro¬ 
mised  is  to  encrypt  it  either  via  VPNs,  as  the  report 
notes,  or  from  end  device  to  end  device,  says  Phil 
Zimmermann,  the  creator  of  Zfone,  software  that 
does  just  that. 

CALEA  may  represent  a  potential  VoIP  vulnerabil¬ 
ity  but  it’s  not  the  only  one.“You  could  have  one  of 
the  computers  in  your  office  infected  with  spyware 
that  monitors  traffic  going  by,  including  voice  pack¬ 
ets,”  Zimmermann  says. 

“The  spyware  could  be  organized  to  sort  who 
calls  whom,  so  whoever  put  the  spyware  there 
could  pick  and  choose  whom  they  want  to  listen 
to.  It  would  be  pick-and-choose  wiretapping  from 
the  other  side  of  the  world,”  he  continued.  So 
encrypting  all  VoIP  traffic  that  must  be  kept  secret 
makes  sense. 

Tapping  specific  VoIP  calls  would  be  difficult,  says 
Dave  Thomas,  CEO  of  hosted  service  provider  Tele¬ 


sphere  Networks,  in  Scottsdale,  Ariz.“lf  you  wanted  to 
listen  to  a  specific  user,  you'd  have  to  know  the 
[media  access  control  (MAC)]  addresses  associated 
with  the  call,”  he  says.  Without  those,  given  that  indi¬ 
vidual  devices  can  call  from  anywhere  they  are 
attached  to  the  Internet,  sorting  individual  calls 
would  be  nearly  impossible. 

Thomas  says  in  special  cases  like  his  own  business, 
which  hosts  call  center  applications,  he  knows  the 
MAC  address  of  each  machine  involved  so  he  could 
readily  track  calls  to  and  from  them.  But  generally 
this  cannot  be  known,  he  says.B 


nww.com 

VoIP  event 

The  VoIP  Payoff:  Convergence  &  Collaboration  -  Capitalizing  on 
the  New  Benefits  of  Real-Time  Networks  is  the  place  to  find 
how  video  over  IR  unified  messaging,  and  collaborative  apps 
take  VoIP  to  the  next  level.  It's  the  Network  World  LIVE 
Technology  Tour  event  coming  m  June. 

www.RwdMfnHkr.un/3169 
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OLPC:  If  you  won’t  contribute,  step  aside 


The  much  hyped  $100 
laptop  from  the  One 
Laptop  Per  Child  project 
(OLPC,  see  www.nwdoc 
finder.com/3939),  is  con¬ 
sidered  by  most  people  to  be  a  pretty  good  idea. 

The  theory  is  that  an  effective,  high-tech  teaching 
tool  that  can  be  distributed  to  Third  World  popula¬ 
tions  at  low  cost  and  doesn’t  need  a  huge  service 
infrastructure  will  improve  not  only  education  but  ulti¬ 
mately  the  economies  of  the  countries  where  it  is 
deployed. 

However,  not  everyone  agrees  this  is  a  good  idea. 

Eugene  Kaspersky,  founder  and  head  of  anti-virus 
research  for  Kaspersky  Labs,  steps  forward  as  the  latest 
naysayer  in  an  opinion  piece  dated  June  13  on  the 
company’s  Web  site  (www.nwdocfinder.com/3940). 

In  the  piece  about  changes  in  the  anti-virus  industry, 
Kaspersky  opines:“A  particular  cause  for  concern  is 
programs  which  advocate  ‘cheap  computers  for  poor 
Third  World  countries’  —  these  further  encourage  crim¬ 
inal  activity  on  the  Internet.  Statistics  on  the  number  of 
malicious  programs  originating  from  specific  countries 
confirm  this: The  world  leader  in  virus  writing  is  China, 
followed  by  Latin  America,  with  Russia  and  Eastern 
European  countries  not  far  behind.” 

Either  Kaspersky  is  courting  publicity  in  a  shameless 
manner  or  he  is  guilty  of  drawing  false  conclusions 


from  the  data.  Certainly  the  assertion,  that  current 
trends  driven  by  a  predominantly  Windows  PC  environ¬ 
ment  can  be  extrapolated  to  apply  to  the  OLPC,  a 
device  that  isn’t  planned  to  run  Windows,  is  a  stretch. 

In  fact,  considering  current  Third  World-originated 
computer  crime, such  as  the  Nigerian  41 1  scam,  the 
largest  risk  would  probably  be  from  scammers  and 
phishers:  And  that’s  a  small  price  to  pay  for  improving 
the  world. The  OLPC  project  has  the  potential  to  trans¬ 
form  life  for  many  children  and  adults,  and  that  far 
outweighs  the  potential  it  might  have  for  virus  and 
malware  writers. 

Kaspersky  is  the  third  person  to  get  publicity  on  this 
topic.  The  other  two  are  Craig  Barrett,  Intel’s  chairman, 
who  said, “I  think  a  more  realistic  title  should  be  ‘the 
$100  gadget’”  back  in  December  ’05  when  Advanced 
Micro  Devices  was  chosen  as  the  processor  supplier 
(aha!),  and  Microsoft’s  Bill  Gates. 

Gates,  speaking  at  the  World  Economic  Forum  in 
Davos,  Switzerland,  in  January  argued  that  smart  cell 
phones  plugged  into  televisions  and  augmented  by 
keyboards  would  be  a  better  vehicle  for  computer¬ 
enabling  the  Third  World  than  a  PC-style  device.In  fact, 
Gates  was  downright  critical  of  the  OLPC  and  com- 
mented:“If  you  are  going  to  go  have  people  share  the 
computer,  get  a  broadband  connection,  and  have  some¬ 
body  there  who  can  help  support  the  user.  Geez,  get  a 
decent  computer  where  you  can  actually  read  the  text 


and  you’re  not  sitting  there  cranking  the  thing  while 
you’re  trying  to  type.”  (The  “cranking”  reference  alludes 
to  an  early  design  of  the  computer  that  featured  a 
hand-crank  power  option,  now  replaced  by  a  foot-pow¬ 
ered  generator.) 

Gates’  argument  has  to  be  taken  with  more  than  a 
pinch  of  salt.  It  came  after  Microsoft’s  offer  of  an  open 
source  version  of  Windows  CE  for  the  OLPC  was  turned 
down  in  favor  of  Linux  (aha!  again). 

Given  there’s  a  huge  number  of  people  with  signifi¬ 
cant  political  and  economic  power  behind  the  project, 
wouldn’t  it  be  a  better  strategy  to  support  the  initiative 
rather  than  try  to  derail  it  with  what  appears  to  be  a 
self-serving  and  disingenuous  counterproposal? 

As  for  Kapersky,  my  money  is  on  his  comments  being 
a  bad  piece  of  thinking  as  well  as  disingenuous  publici¬ 
ty  seeking.  But  whatever  is  behind  it,  Kaspersky  is  just 
as  wrong  about  the  OLPC  as  Gates  is. 

Even  if  the  OLPC  project  is  flawed  in  some  way  it  isn’t 
so  flawed  that  it  isn’t  viable.  Moreover,  there’s  no  alter¬ 
native  that  comes  close  to  addressing  the  obvious  need 
for  high-tech  Third  World  educational  support. 

The  OLPC  is  needed  now,  and  those  who  don’t  have 
anything  sensible  or  practical  to  add  should  act  respon¬ 
sibly  and  get  the  heck  out  of  the  way. 

Will  the  OLPC  make  a  difference?  Opine  on  Gibbsblog 
or  write  to  backspin@gibbs.com. 


Apple’s  PR  black  eye 


BY  MELISSA  SHAW 

Apple’s  all  about  justice,  recycling 
and  all  that  good  stuff,  so  why  are 
iPods  being  assembled  in  Chinese 
sweatshops? 

The  United 

Kingdom’s  Sunday  Mail  took  a  look  inside  the  factories  where 
iPods  are  assembled  and  found  employees  work  15-hour 
days  and  are  paid  $50  a  month  — “miserable  even  by 
China’s  standards.” 

The  story  which  isn’t  available  online  (How  quaint — 

Ed.)/c laims  [employees]  work  and  live  in  the  plant, 
in  dormitories  housing  100  people,  and  outside  visi¬ 
tors  are  forbidden,”  notes  Wired  News. 

Apple  says  it’s  investigating  the  newspaper’s  claims. 
v*w,Rwdocfinder.coin/3941 ) 

Sysadmin  trashes  employer's  net 

If  you’ve  ever  fantasized  about  trashing  your  company’s  network,  meet  a  guy  who  did  it. 
Roger  Duronio,63,of  Bogota,  N.J.,was  angry  that  his  expected  $50,000  bonus  was 

only  $32,000.  Fbor  baby. 

So  like  you  do,  the  system  administrator  allegedly  crafted  a  logic  bomb  of  gigantic 
proportions, which  wiped  out  2,000  servers  and  affected  400  branch  offices  of  gigantic 
financial  firm  UBS  Paine  Webber. 

Unfortunately  for  the  trading  firm,  its  backup  systems  failed,  countless  files  were  lost 
and  the  whote  network  was  down  for  a  day.  Oh,  and  it  cost  $3.1  million  to  get  the  net¬ 


work  back  up  again,  and  remember,  it  was  only  down  for  one  day. 

Even  more  unfortunate  is  the  fact  UBS  asked  the  judge  to  keep  Duronio’s  current  trial 
on  the  down-low  so  its  customers  won’t  freak  out.  Obviously  the  judge  said, “Too  bad,” 
which  is  why  you’re  reading  this. 

Duronio  is  floating  the  classic  “I  didn’t  do  it”  defense. 
www.nwdocfmder.com/3942 

Can  you  hear  the  antiadult  ringtone? 

The  ringtone  that  only  teens  can  hear,  which  started  in  the  United  Kingdom,  has 
crossed  the  pond  and  now  is  surfacing  in  the  United  States.  According  to  The  New  York 
Times,  the  Mosquito  ringtone  has  surfaced  at  the  swanky  Trinity  School  in  Manhattan, 
which  we  recently  heard  was  the  most  expensive  private  high  school  in  the  country. 

Then,  in  the  most  backwards  move  ever,  it  went  from  the  Upper 
West  Side  to  Long  Island.  Wrong  way! 

Anyway  here’s  an  MP3  of  the  ringtone  (www.nwdoc 
finder.com/3943),  which  we  can  hear.  So  either  1)  We’re  far 
more  youthful  than  we  thought,  2)  We  have  bat-like  hearing  or 
3)  This  is  a  load  of,  um,  we’ll  go  with  “hooey’ 

In  our  humble  opinion,  they  should  rename  this  ringtone 
“Cranky  Compaq  Crashes,”  because  it  makes  pretty  much  the 
same  noise  as  our  standard-issue  Network  World  laptop  just 
before  it’s  about  to  give  up  the  ghost. 
www.nwdocfinder.com/3944 

Shaw  can  be  reached  at  Iayer8@nww.com.  ’Net  Buzz  Columnist  Paul  McNamara  is 
on  vacation  this  week.  His  regular  column  will  return  next  week.  Layer  8  can  be  found 
daily  at  www.networkworld.com/weblogs/layer8/. 


.INFRASTRUCTURE  LOG 


_DAY  49:  Things  are  out  of  control.  Our  system  is 
just  not  secure,  flexible  or  reliable  enough.  Gil 
bought  some  “infrastructure  bloodhounds”  online.  He 
says  they  can  sniff  out  any  problem. 

_DAY  50:  They  can’t.  But  IBM  Tivoli  Express  middleware 
can.  It’s  a  series  of  I.T.  management  solutions  designed 
and  priced  for  mid-sized  businesses.  Secure,  boosts 
uptime,  and  protects  our  data  with  automated  backups. 
We  even  got  help  customizing  and  implementing  it. 

_DAY  52:  Remind  Gil:  Bloodhounds  not  as  good  at  sniffing 
out  problems  as  they  are  at  chewing  Ethernet  cables. 


Tivoli.  Express 


Get  the  Guide  to  simple,  fast,  secure  I.T.  Management  at: 

IBM.COM/TAKEBACKCONTROL/SIMPLE 


IBM.  the  IBM  logo,  Tivoli  and  Express  Middleware  are  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  ©2006  IBM  Corporation.  All  rights  reserved. 


IBM,  the  IBM  logo  and  WebSphere  are  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  ©2006  IBM  Corporation. 
SAP  is  a  registered  trademark  of  SAP  AG  in  Germany  and  in  several  other  countries  Oracle  is  a  registered  trademark  of  Oracle  Corporation  and/or  its  affiliate?.  All  rights  reserved. 
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WebSphere 


.INFRASTRUCTURE  LOG 

_DAY  8:  I  give  up.  Our  infrastructure  is  so  inflexible. 
Our  apps  and  processes  don’t  work  together.  We  can’t 
respond  quickly  to  change.  It’s  out  of  control. 

_Gil  had  an  epiphany.  Duct  tape.  A  few  dozen  rolls  later 
and  he’s  integrated  everything,  and  everyone,  by  hand. 

_DAY  10:  Duct  tape  can  fix  many  things.  Basketballs. 
Sofas.  Doorknobs.  But  not  widespread  app  and  process 
inflexibility. 

.DAY  13:  I’ve  found  something  better:  IBM  WebSphere 
middleware.  It’ll  make  our  infrastructure  more  flexible 
by  seamlessly  integrating  our  apps.  We  can  change 
processes  in  a  snap  and  use  what  we  already  have — 
even  apps  from  SAP  and  Oracle.  And  with  IBM’s  industry- 
specific  expertise,  we’re  on  our  way  to  enabling  a 
service  oriented  architecture. 

_Hmmmm . . .WebSphere.  More  powerful  than  duct  tape. 


Download  our  IBM  SOA  Assessment  Tool  at: 

IBM.COM/TAKEBACKCONTROL/SOA 


.INFRASTRUCTURE  LOG 
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_DAY  35:  Whoa!  Came  in  today  and  found  a  black  hole. 
Information  goes  in  but  doesn’t  come  out.  This  is  bad. 

_DAY  36:  The  black  hole  just  sucked  in  three  interns. 
HR  is  not  pleased. 

_DAY  38:  I’ve  taken  back  control  with  IBM  Information 
Management  middleware.  It’s  built  on  open  standards. 
Totally  scalable.  Seamlessly  unites  all  our  critical 
information,  whatever  its  source.  Now  our  info  has 
real  business  value  that  can  help  spur  growth. 


_We  got  everything  back  from  the  black  hole.  Except 

•Hop  i  n+-prn<; 


IBM  and  the  IBM  logo  are  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  ©2006  IBM  Corporation.  All  rights  reserved. 


